CN115473707A - Privacy intersection summing method and device - Google Patents

Privacy intersection summing method and device Download PDF

Info

Publication number
CN115473707A
CN115473707A CN202211050698.9A CN202211050698A CN115473707A CN 115473707 A CN115473707 A CN 115473707A CN 202211050698 A CN202211050698 A CN 202211050698A CN 115473707 A CN115473707 A CN 115473707A
Authority
CN
China
Prior art keywords
value
privacy
data
data set
summation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211050698.9A
Other languages
Chinese (zh)
Inventor
鲍翊平
王磊
陈玉玲
梁清平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guizhou Huayun Xin'an Technology Co ltd
Guizhou University
Original Assignee
Guizhou Huayun Xin'an Technology Co ltd
Guizhou University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guizhou Huayun Xin'an Technology Co ltd, Guizhou University filed Critical Guizhou Huayun Xin'an Technology Co ltd
Priority to CN202211050698.9A priority Critical patent/CN115473707A/en
Publication of CN115473707A publication Critical patent/CN115473707A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0414Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3033Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/08Randomization, e.g. dummy operations or using noise
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/46Secure multiparty computation, e.g. millionaire problem

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Power Engineering (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The embodiment of the invention provides a method and a device for privacy intersection summation, wherein the method comprises the following steps: generating a random private exponent and an addition homomorphic encryption key pair; generating confusion elements, and combining the confusion elements and the original privacy data into a new privacy data set; carrying out data transformation processing on the data correlation value; generating a dummy, and filling the dummy into the privacy data set synthesized with the confusion element; and executing a privacy intersection summation calculation protocol to obtain an associated value encryption summation value and a recovery value encryption summation value, finally decrypting the associated value encryption summation value and the recovery value encryption summation value by using an addition homomorphic encryption algorithm, and processing to obtain the associated value summation value. The embodiment of the application can solve the following problems existing in the existing privacy intersection summation: the problems that data and the number of data in data sets held by two parties are possibly leaked are solved; the problem that data and data number in the intersection are possibly leaked is solved; when there is a negative integer in the set of correlation values, the correlation values cannot be added and summed.

Description

Privacy intersection summing method and device
Technical Field
The invention relates to the field of data processing, in particular to a method and a device for privacy intersection summation.
Background
The Sum of privacy intersections (Private interaction-Sum-with-card) means that two parties (receiver and sender, or called first party and second party) each have a data set, and data in the data sets can be distinguished by identifiers (identifiers), wherein the data set held by one party has an integer attribute (correlation value) in addition to the identifier. The Cardinality (Cardinality) of the intersection of the data sets and the sum of the element integer attributes in the intersection are obtained through interaction between the two parties, and the two parties cannot obtain any other information except the information.
The privacy intersection set has wide application in the data processing field, for example, online advertising is an important advertising form. A common method for measuring the effectiveness of an advertisement is to calculate a so-called conversion rate, i.e. how many of the users browsing the advertisement have finally browsed the corresponding goods page, or have finally purchased the corresponding goods or services. One common calculation method is to calculate (e.g., calculate the total amount of a transaction) by calculating the intersection of the user information for viewing the advertisement (held by the sender of the advertisement) and the user information for completing the corresponding transaction (held by the merchant). And at the same time, the user information of the two parties is private.
Currently common privacy intersection summation computation protocols include Diffie-Hellman cryptographic exchange based protocols, cryptographic bloom filter based protocols, and random oblivious transport based protocols. These protocols consist of two parts, a privacy summation part and a homomorphic encryption summation part. The privacy intersection solving component is used for determining the intersection of the double-sending owned data sets, and the homomorphic encryption summation component carries out summation operation on the basis of the intersection to obtain a final result.
In the process of implementing the invention, the applicant finds that in the prior art, the data in the data sets held by the two parties has leakage risks,
therefore, how to better protect the privacy of the data sets held by both parties and avoid leakage is a problem to be solved.
Disclosure of Invention
The embodiment of the invention provides a method and a device for privacy intersection summation, and provides a technical scheme for preventing data leakage in the privacy intersection summation process, so that the safety and the adaptability of multiparty privacy intersection summation are effectively improved.
In one aspect, an embodiment of the present invention provides a privacy intersection summing method, where the privacy intersection summing method includes:
a first party system generates a first random privacy index;
the second party system generates a second random privacy index;
the second party system sequentially performs data confusion processing, data transformation processing and data filling processing on the second privacy data set to obtain a second processed privacy data set;
the first party system carries out data confusion processing and data filling processing on the input data of the first privacy data set in sequence to obtain a first processed privacy data set;
according to the first random private index, the second random private index, the first processed private data set and the second processed private data set, the second party system and the first party system determine an intersection of the first party private data set and the second party private data set according to a privacy intersection summation calculation protocol, and calculate an associated value encryption summation value containing a recovery value in the intersection and a recovery value encryption summation value corresponding to the associated value encryption summation value containing the recovery value;
the second party system decrypts the correlation value encryption summation value containing the recovery value and the recovery value encryption summation value to obtain a correlation value summation value containing the recovery value and a recovery value summation value;
and subtracting the recovery value summation value from the correlation value summation value containing the recovery value to obtain a correlation value summation value.
Preferably, before the second party system generates a random privacy index, the method further comprises: preparing input data for the second party system; preprocessing input data of the second party system to obtain a second privacy data set;
preferably, before the first party system generates a random privacy index, the method further comprises: preparing input data for the first party system; preprocessing input data of the first party system to obtain a first privacy data set;
preferably, the second party system sequentially performs data obfuscation processing, data transformation processing, and data padding processing on the second private data set to obtain a second processed private data set, and the method includes:
generating confusion elements and sending a set of confusion elements to the first party system;
randomly obtaining a confusion element subset from the confusion element set;
data obfuscating the second private data set by the subset of obfuscating elements;
performing data transformation processing on all the associated values in the second privacy data set subjected to data obfuscation;
randomly generating a second dummy, and filling the second dummy into a second privacy data set subjected to data confusion and data transformation processing to form a second processed privacy data set;
the first party system carries out data confusion processing and data filling processing on the first privacy data set in sequence to obtain a first processed privacy data set, and the method comprises the following steps:
receiving the confusion meta-set sent by the second party system, and performing data confusion on the first privacy data set through the confusion meta-set;
and randomly generating a first dummy, and filling the first dummy into a first privacy data set subjected to data confusion to form the first processed privacy data set.
Preferably, the data transformation processing on all the associated values in the second private data set subjected to data obfuscation includes:
the second party system traverses all the correlation values in the second privacy data set which is subjected to data confusion and data transformation processing, and finds out the minimum value in all the correlation values;
if the minimum value is greater than 0, taking 0 as a recovery value;
if the minimum value is less than 0, taking the minimum value as a recovery value;
converting all the correlation values into correlation values containing recovery values; converting all the associated values into associated values containing recovery values, including: subtracting the recovery value from each of the associated values, respectively.
Preferably, the determining, according to the first random privacy index, the second random privacy index, the first processed privacy data set, and the second processed privacy data set, an intersection of the first party privacy data set and the second party privacy data set by the second party system and the first party system according to a privacy intersection summation calculation protocol, and calculating an associated value encrypted summation value containing a recovery value in the intersection and a recovery value encrypted summation value corresponding to the associated value encrypted summation value containing the recovery value, includes:
the second party system generates a homomorphic encryption key pair according to the preprocessed second input data, and sends a public key in the key pair to the first party system;
the first party system retrieves a first UID from the first processed privacy data set, performs blinding processing and scrambling processing on the first UID in sequence to obtain a first once-processed UID, and then sends the first once-processed UID to the second party system;
the second party system performs blinding processing and scrambling processing on the primary processed first UID again to obtain a secondary processed first UID, and then sends the secondary processed first UID to the first party system;
the second party system retrieves a second UID from the second processed privacy data set, and performs blinding processing and scrambling processing on the second UID in sequence to obtain a processed second UID;
the second party system retrieves the associated value containing the recovery value from the second processed privacy data set, and sequentially performs homomorphic encryption processing and scrambling processing on the associated value containing the recovery value to obtain an encrypted associated value containing the recovery value;
the second party system performs homomorphic encryption processing on the recovery value to obtain an encrypted recovery value;
the second party system sends the processed second UID, the encrypted associated value containing the recovery value and the encrypted recovery value to the first party system;
the first party system matches the secondarily processed first UID with the processed second UID, and encrypts and sums the encrypted associated value and the encrypted recovery value which contain the recovery value and correspond to the UID which is successfully matched with the first UID respectively to obtain an associated value encrypted sum value containing the recovery value and a recovery value encrypted sum value;
and the first party system sends the correlation value encryption summation value containing the recovery value and the recovery value encryption summation value to the second party system.
In another aspect, an embodiment of the present invention provides a privacy intersection summing apparatus, where the privacy intersection summing apparatus includes:
the second system module is used for the second party system to generate the second random private index, and the second party system performs data confusion processing, data transformation processing and data filling processing on the second private data set in sequence to obtain a second processed private data set;
the first system module is used for the first party system to generate the first random private index, and the first party system performs data confusion processing and data filling processing on the input data of the first private data set in sequence to obtain a first processed private data set;
the first system module and the second system module are further configured to determine, according to the first random privacy index, the second random privacy index, the first processed privacy data set, and the second processed privacy data set, an intersection of the first party privacy data set and the second party privacy data set by the second party system and the first party system according to a privacy intersection summation calculation protocol, and calculate an associated value encryption summation value containing a recovery value in the intersection and a recovery value encryption summation value corresponding to the associated value encryption summation value containing the recovery value;
the second system module is further configured to decrypt the correlation value encrypted sum value containing the recovery value and the recovery value encrypted sum value to obtain a correlation value sum value containing the recovery value and a recovery value sum value;
and the second system module is also used for subtracting the recovery value summation value from the correlation value summation value of the recovery value to obtain a correlation value summation value.
Preferably, the privacy intersection summing means further comprises:
the second system module is also used for preprocessing the data of the second party system to obtain a second party privacy data set;
the first system module is further configured to pre-process data of the first-party system to obtain a first-party privacy data set.
Preferably, the second system module is further configured to compute input data processing for a second privacy intersection sum, including:
for generating the confusion element, sending the set of confusion elements to the first party system;
randomly obtaining a confusion element subset from the confusion element set, and performing data confusion on the second meaning data set through the confusion element subset;
the data conversion processing is carried out on all the correlation values in the second privacy data set subjected to data confusion;
the device is used for generating the second dummy, and filling the second dummy into a second privacy data set subjected to data obfuscation and data transformation processing to form the second processed privacy data set;
the first system module is further for summing a first private data set to compute an input data process, comprising:
the obfuscating element set is used for receiving the obfuscating element set sent by the second party system and performing data obfuscation on the first privacy data set through the obfuscating element set;
the method is used for generating a first dummy, and filling the first dummy into a first privacy data set subjected to data obfuscation to form the first processed privacy data set.
Preferably, the second system module is further configured to perform a data transformation process in the second privacy intersection sum computation input data process, including:
and converting the negative integer in the correlation value into a non-negative integer when the correlation value is used for data transformation processing.
Preferably, the second system module and the first system module are further for the second privacy intersection summation protocol execution, comprising:
the second system module is used for generating a homomorphic encryption key pair by the second party system according to the preprocessed second input data and sending a public key in the key pair to the first party system;
the first system module is used for retrieving a first UID from the first processed privacy data set, conducting blinding processing and scrambling processing on the first UID in sequence to obtain a first processed UID, and then sending the first sequentially processed UID to the second party system;
the second system module is used for retrieving a second UID from the second processed privacy data set and conducting blinding processing and scrambling processing on the second UID in sequence to obtain a processed second UID;
the second system module is used for retrieving the associated value containing the recovery value from the second processed privacy data set, and sequentially performing homomorphic encryption processing and scrambling processing on the associated value containing the recovery value to obtain an encrypted associated value containing the recovery value;
the second system module is used for carrying out homomorphic encryption processing on the recovery value to obtain an encrypted recovery value;
the second system module is used for sending the processed second UID, the encrypted association value containing the recovery value and the encrypted recovery value to the first party system;
the first system module is used for matching the secondarily processed first UID with the processed second UID, and respectively carrying out encryption summation on the encryption associated value and the encryption recovery value which contain the reply bamboo and correspond to the UID which is successfully matched, so as to obtain an associated value encryption summation value containing the recovery value and a recovery value encryption summation value;
and the first system module sends the correlation value encryption summation value containing the recovery value and the recovery value encryption summation value to the second system.
The technical scheme has the following beneficial effects:
the data of carrying out privacy intersection summation calculation reveals the risk and reduces in the interaction process, improves data security, mainly shows:
1. adding a certain amount of dummy elements into the data held by the two parties, wherein the two parties only can obtain data and data number in a data set after the dummy elements are added by the other party, and cannot obtain the data and data number in a real data set;
3. adding a certain number of confusion elements into the data of both sides, wherein both sides can only obtain the data and the data number in the intersection after the confusion elements are added by the other side, and the data number in the intersection of the real data set cannot be obtained;
3. when negative integers exist in the party set with the associated values, addition and summation can be carried out, so that the safety and the adaptability of the multiparty privacy intersection summation are improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flowchart of a privacy intersection summation method according to an embodiment of the present invention;
FIG. 2 is a flow chart of system data processing of a second party according to an embodiment of the present invention;
FIG. 3 is a flow chart of the first system data processing method according to the embodiment of the present invention
FIG. 4 is a schematic structural diagram of a privacy intersection summing apparatus according to an embodiment of the present invention;
FIG. 5 is a schematic flow chart of an embodiment of the present invention;
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The above technical solutions of the embodiments of the present invention are described in detail below with reference to specific application examples, and reference may be made to the foregoing related descriptions for technical details that are not described in the implementation process.
As shown in fig. 1, which is a flowchart of a method for privacy intersection summation according to an embodiment of the present invention, the method for privacy intersection summation includes:
s1, a first party system generates a first random private index;
s2, the second party system generates a second random private index;
s3, the second party system sequentially performs data confusion processing, data transformation processing and data filling processing on the second privacy data set to obtain a second processed privacy data set;
s4, the first party system conducts data confusion processing and data filling processing on input data of the first privacy data set in sequence to obtain a first processed privacy data set;
s5, according to the first random private index, the second random private index, the first processed private data set and the second processed private data set, determining an intersection of the first party private data set and the second party private data set by the second party system and the first party system according to a privacy intersection summation calculation protocol, and calculating an associated value encryption summation value containing a recovery value in the intersection and a recovery value encryption summation value corresponding to the associated value encryption summation value containing the recovery value;
s6, the second party system decrypts the correlation value encryption summation value containing the recovery value and the recovery value encryption summation value to obtain a correlation value summation value containing the recovery value and a recovery value summation value;
and S7, subtracting the recovery value summation value from the correlation value summation value containing the recovery value to obtain a correlation value summation value.
Preferably, before the second party system generates a random privacy index, the method further comprises: preparing input data for the second party system; preprocessing input data of the second party system to obtain a second privacy data set; the input data is prime order group G, using hash function
Figure BDA0003820753020000071
Will be provided with
Figure BDA0003820753020000072
The element in G is mapped to a random element in G, and then a P2 data set of the second party system is obtained
Figure BDA0003820753020000073
Wherein
Figure BDA0003820753020000074
t i ∈Z,t i Represents the associated value;
before the first party system generates a random privacy index, the methodFurther comprising: preparing input data for the first party system; preprocessing input data of the first party system to obtain a first privacy data set; the input data is prime order group G, using hash function
Figure BDA0003820753020000075
Will be provided with
Figure BDA0003820753020000076
Mapping the elements in G to random elements in G to obtain a first party system P1 data set
Figure BDA0003820753020000077
Wherein m is 1 Indicates the number of elements.
Preferably, as shown in fig. 2, the performing, by the second party system, data obfuscation processing, data transformation processing, and data padding processing on the second private data set in sequence to obtain a second processed private data set includes:
s31, generating confusion elements and sending a set of confusion elements to the first party system; when a pair of confusing elements is generated, a pair of inverses will be generated at the same time, for example, if the pair of confusing elements is (a, 99), then the inverses will be generated at the same time (b, -99), and both the confusing elements and the inverses will be sent to the first party system, where a, b represent any natural number.
S32, randomly obtaining a confusion element subset from the confusion element set;
s33, performing data obfuscation on the second privacy data set through the obfuscating element subset; the data which is added into the confusion element subset and is sent to the first party system is not the original second party privacy data, but the confused second party privacy data and the real intersection cardinality, so that the safety in the data interaction process is improved.
S34, performing data transformation processing on all the related values in the second privacy data set subjected to data confusion;
s35, randomly generating a second dummy, and filling the second dummy into a second privacy data set subjected to data confusion and data conversion processing to form a second processed privacy data set; therefore, when the first-party system obtains the intersection, the data acquired by the first-party system is the second processed privacy data set subjected to the dummy filling processing, and is not the real original second privacy data set, the risk that the second privacy data set data is acquired by the first-party system is reduced, and the security of the held data set is improved;
as shown in fig. 3, the performing, by the first party system, data obfuscation processing and data filling processing on the first privacy data set in sequence to obtain a first processed privacy data set includes:
s41, receiving the confusion meta set sent by the second party system, and performing data confusion on the first privacy data set through the confusion meta set; the data in the first private data set thus sent to the second party system is data to which the obfuscating element is added, and not data in the real first private data set;
and S42, randomly generating a first dummy, and filling the first dummy into a first privacy data set subjected to data confusion to form the first processed privacy data set. The first privacy data set sent by the first party system to the second party system is the first processed privacy data set containing the dummy instead of the real first privacy data set, and therefore the security of the held data set is improved.
The first party system randomly generates the first dummy element and the second party system randomly generates the second dummy element, so that the interactive data of the first party system and the second party system when executing the privacy intersection summation calculation protocol are not real data, the number of data (also called an aggregation base number) is not the number of the real data, and the number of the data added with the dummy element number is the number of the real data calculated by the two parties through the privacy intersection summation protocol can not be leaked, and the protection is obtained. Because the first dummy element and the second dummy element are randomly generated, the probability that the first dummy element and the second dummy element are the same is extremely low, so that the dummy elements cannot appear in an intersection set in the intersection solving process, and the intersection summation cannot be influenced by adding the dummy elements.
Preferably, the data transformation processing on all the associated values in the second private data set subjected to data obfuscation includes:
the second party system traverses all the correlation values in the second privacy data set which is subjected to data obfuscation and data transformation processing, and finds out the minimum value in all the correlation values;
if the minimum value is greater than 0, taking 0 as a recovery value;
if the minimum value is less than 0, taking the minimum value as a recovery value;
converting all the correlation values into correlation values containing recovery values; the converting all the correlation values into the correlation values containing the recovery values comprises the following steps: subtracting the recovery value from each of the associated values, respectively.
By carrying out data transformation processing on the correlation values, the correlation values can be added and summed when being negative numbers, so that the data compatibility is increased, and the adaptability of the algorithm is improved.
Preferably, the determining, according to the first random privacy index, the second random privacy index, the first processed privacy data set, and the second processed privacy data set, an intersection of the first party privacy data set and the second party privacy data set by the second party system and the first party system according to a privacy intersection summation calculation protocol, and calculating an associated value encrypted summation value containing a recovery value in the intersection and a recovery value encrypted summation value corresponding to the associated value encrypted summation value containing the recovery value, includes:
s51, the second party system generates a homomorphic encryption key pair according to the preprocessed second input data, and sends a public key in the key pair to the first party system;
s52, the first party system retrieves a first UID from the first processed privacy data set, performs blinding processing and scrambling processing on the first UID in sequence to obtain a first once processed UID, and then sends the first once processed UID to the second party system;
s53, the second party system performs blinding processing and scrambling processing on the primary processed first UID again to obtain a secondary processed first UID, and then sends the secondary processed first UID to the first party system;
s54, the second party system retrieves a second UID from the second processed privacy data set, and performs blinding processing and scrambling processing on the second UID in sequence to obtain a processed second UID;
s55, the second party system retrieves the associated value containing the recovery value from the second processed privacy data set, and sequentially performs homomorphic encryption processing and scrambling processing on the associated value containing the recovery value to obtain an encrypted associated value containing the recovery value;
s56, the second party system performs homomorphic encryption processing on the recovery value to obtain an encrypted recovery value;
s57, the second party system sends the processed second UID, the encrypted associated value containing the recovery value and the encrypted recovery value to the first party system;
s58, the first party system matches the secondarily processed first UID with the processed second UID, and encrypts and sums the encrypted associated value containing the recovery value and the encrypted recovery value corresponding to the UID which is successfully matched respectively to obtain an associated value encrypted sum value containing the recovery value and a recovery value encrypted sum value;
and obtaining the intersection of the first party private data set and the second party private data set by UID matching, wherein the intersection comprises partial confusion metadata. When UID matching is carried out, only part of confusion elements are successfully matched, and the confusion elements which are successfully matched are the intersection, so that the data in the whole intersection is not real privacy data of the first party and the second party, the data number (also called a set cardinality) in the intersection is also the data number containing a plurality of confusion elements, and the real data number containing the intersection of the privacy data of the first party and the privacy data of the second party cannot be obtained.
And S59, the first party system sends the correlation value encrypted summation value containing the recovery value and the recovery value encrypted summation value to the second party system.
The UID refers to a user identification, i.e., a user ID.
By adding the dummy element, the number of the real data and the number of the real data of the first party privacy data set and the second party privacy data set can not be acquired in the privacy intersection summation protocol calculation process, the privacy data of both parties can be protected, by adding the confusion element, the number of the intersection real data and the number of the real data of the first party privacy data set and the second party privacy data set can not be acquired, and the intersection of the privacy data of both parties can be protected.
In another aspect, an apparatus for privacy intersection summation is provided as shown in fig. 4, the privacy intersection summation apparatus comprising:
the second system module is used for the second party system to generate the second random private index, and the second party system performs data confusion processing, data transformation processing and data filling processing on the second private data set in sequence to obtain a second processed private data set;
the first system module is used for the first party system to generate the first random private index, and the first party system performs data confusion processing and data filling processing on the input data of the first private data set in sequence to obtain a first processed private data set;
the first system module and the second system module are further configured to determine, according to the first random privacy index, the second random privacy index, the first processed privacy data set, and the second processed privacy data set, an intersection of the first party privacy data set and the second party privacy data set by the second party system and the first party system according to a privacy intersection summation calculation protocol, and calculate an associated value encryption summation value containing a recovery value in the intersection and a recovery value encryption summation value corresponding to the associated value encryption summation value containing the recovery value;
the second system module is further configured to decrypt the correlation value encrypted sum value containing the recovery value and the recovery value encrypted sum value to obtain a correlation value sum value containing the recovery value and a recovery value sum value;
and the second system module is also used for subtracting the recovery value summation value from the correlation value summation value of the recovery value to obtain a correlation value summation value.
Preferably, the privacy intersection summing means further comprises:
the second system module is also used for preprocessing the data of the second party system to obtain a second party privacy data set;
the first system module is further used for preprocessing data of the first party system to obtain a first party privacy data set.
Preferably, the second system module is further configured to compute input data processing for a second privacy intersection sum, including:
for generating the confusion element, sending the set of confusion elements to the first party system;
randomly obtaining a confusion element subset from the confusion element set, and performing data confusion on the second meaning data set through the confusion element subset;
the data transformation processing is carried out on all the associated values in the second privacy data set subjected to data obfuscation;
the device is used for generating the second dummy, and filling the second dummy into a second privacy data set subjected to data obfuscation and data transformation processing to form the second processed privacy data set;
the first system module is further for summing a first private data set to compute an input data process, comprising:
the obfuscation element set is used for receiving the obfuscation element set sent by the second party system and performing data obfuscation on the first privacy data set through the obfuscation element set;
the method is used for generating a first dummy element, and filling the first dummy element into a first privacy data set subjected to data confusion to form the first processed privacy data set.
Preferably, the second system module is further configured to perform a data transformation process in the second privacy intersection sum computation input data process, including:
and converting the negative integer in the associated value into a non-negative integer when the associated value is used for data transformation processing.
Preferably, the second system module and the first system module are further for the second privacy intersection summation protocol execution, comprising:
the second system module is used for generating a homomorphic encryption key pair by the second party system according to the preprocessed second input data and sending a public key in the key pair to the first party system;
the first system module is used for retrieving a first UID from the first processed privacy data set, conducting blinding processing and scrambling processing on the first UID in sequence to obtain a first processed UID, and then sending the first sequentially processed UID to the second party system;
the second system module is used for retrieving a second UID from the second processed privacy data set, and conducting blinding processing and scrambling processing on the second UID in sequence to obtain a processed second UID;
the second system module is used for retrieving the associated value containing the recovery value from the second processed privacy data set, and sequentially performing homomorphic encryption processing and scrambling processing on the associated value containing the recovery value to obtain an encrypted associated value containing the recovery value;
the second system module is used for carrying out homomorphic encryption processing on the recovery value to obtain an encrypted recovery value;
the second system module is used for sending the processed second UID, the encrypted associated value containing the recovery value and the encrypted recovery value to the first party system;
the first system module is used for matching the secondarily processed first UID with the processed second UID, and respectively encrypting and summing an encrypted correlation value and an encrypted recovery value which contain a reply bamboo and correspond to the UID which is successfully matched to obtain a correlation value encrypted summation value containing the recovery value and a recovery value encrypted summation value;
the first system module is configured to send the correlation value encrypted sum value with the recovery value and the recovery value encrypted sum value to the second party system.
Fig. 5 is a flowchart illustrating an implementation of an embodiment, and the following embodiment describes the above technical solution of the embodiment of the present invention in detail:
1.P1 and P2: g is a group of prime numbers,
Figure BDA0003820753020000121
for identifier spaces, hash functions
Figure BDA0003820753020000122
H is a random prediction machine, and the elements in U are mapped into random elements in G, wherein P1 represents a first party system, and P2 represents a second party system.
P1: collection
Figure BDA0003820753020000123
Wherein
Figure BDA0003820753020000124
P2: collection
Figure BDA0003820753020000125
Wherein
Figure BDA0003820753020000126
t i E.g. Z, Z represents a set of integers, w i Denotes an identifier, t i Represents a correlation value;
p1 and P2 respectively select 1 random private index from the prime order group G, and respectively mark as k 1 And k 2
P2 generating a key pair (p) k ,s k )<AGEn (λ), used as an addition homomorphic encryption model, and using the public key p k Sending the data to P1; wherein AGEn is a key generation module, s k Represents a private key;
p2 randomly generates m' 2 A confusion element pair to form a confusion element set
Figure BDA0003820753020000127
Wherein m' 2 Is an even number, w k ∈U,t i ∈Z,w k Representing identifiers in sets of obfuscated elements, t k Representing a collection of confusing elementsAssociated with a value of, and W c Any one of the elements (w) k ,t k ) The inverse must exist (w) d ,-t k )∈W c ,w d Is distinguished from w k W of (2) c The identifier of (1); the method for generating the confusion element comprises the following steps:
1) Random generation
Figure BDA0003820753020000128
Wherein
Figure BDA0003820753020000129
Is an identifier space;
2) Randomly generating an integer t k ,(w k ,t k ) The confusion element is obtained;
3) Co-generation of w k Method of (1) randomly generating w d ,(w d ,-t k ) The inverse element of the confusion element is generated;
4) The confusion element and the confusion element inverse element together form a set of confusion elements.
The random generation can be realized by various methods, such as a linear congruence method.
P2 from W c In the random selection of m ″) 2 The elements form a confusion element set subset
Figure BDA00038207530200001210
Merging the new set W ' with the original set W to generate a new set W ' = WuW ' c Wherein m ″) 2 Is even number, and W' c Any one of the elements (w) k ,t k ) Must have an inverse element (w) d ,-t k )∈W′ c
6.P2 will
Figure BDA00038207530200001211
Sending the data to P1;
p1 to be received
Figure BDA00038207530200001212
Merging the original set V into a new set
Figure BDA00038207530200001213
P2 traversal of all t in W i To find the minimum value t min ,t min Also known as recovery value;
9. if t is min <0, then P2 adds-t to the integer associated value of all elements in W min To obtain
Figure BDA0003820753020000131
If t is min If the value is more than or equal to 0, then P2 adds 0 to the integer correlation value of all the elements in W';
p1 random Generation r 1 Filling dummy cells into the set V', wherein each dummy cell comprises a randomly generated identifier; the method for generating the first dummy comprises the following steps: random generation
Figure BDA0003820753020000132
Wherein
Figure BDA0003820753020000133
For the identifier space, i.e. the first dummy, the random generation can be implemented by various methods, for example, a linear congruence method can be used.
P2 random Generation r 2 Filling dummy elements into the set W', wherein each dummy element comprises a randomly generated identifier and a randomly generated associated value, and the associated value is a positive integer; the method for generating the second dummy comprises the following steps:
a) Random generation
Figure BDA0003820753020000134
Wherein
Figure BDA0003820753020000135
Is an identifier space;
b) Randomly generating an integer t k;
c)(d k ,t k ) Is the second dummy
The random generation may be achieved by a variety of methods, such as linear congruence.
13. For each element V in the set V' P1 i Calculating the Hash value by using Hash function and then using k 1 Calculating the index value thereof, i.e. calculating
Figure BDA0003820753020000136
This process is called pairing v i Blind processing;
14.P1 will
Figure BDA0003820753020000137
Sending the scrambled data to P2, m 1 Represents the number of data in the set V, m' 2 Representing the number of red data of the confusing element set, r 1 Represents P 1 The number of dummy elements in (1);
set of P2 pairs
Figure BDA0003820753020000138
Each element in (1) with k 2 Calculating the value of its exponent, i.e. calculating
Figure BDA0003820753020000139
16.P2 will
Figure BDA00038207530200001310
Sending the scrambled data to P1;
17. for each element (W) in the P2 set W j ,t j ) W ' represents a set of the original data set added with the confusion element subset, wj is an identifier in W ', tj is an associated value in W ', and aiming at W j And t j The following operations were performed:
171. to w j Calculating the Hash value by using Hash function and using k 2 Calculating the value of its exponent, i.e. calculating
Figure BDA00038207530200001311
172. For t j To public key p k As additive homomorphic encryptionKey, performing homomorphic encryption calculation AEnc (t) j ). Wherein AEnc is an encryption module of a homomorphic encryption algorithm.
18. Will be assembled
Figure BDA00038207530200001312
Sending the scrambled data to P1, m 2 Denotes the number of data in the W set, m ″) 2 Representing the number of data in the subset of confusion elements, r 2 Represents P 2 A dummy of (1);
19. will-t min By public key p k Encrypted ciphertext AEnc (-t) min ) Sending the data to P1;
p1 for each element in the received set
Figure BDA00038207530200001313
Will number 1
Figure BDA00038207530200001314
By k 1 Calculating the index value thereof, i.e. calculating
Figure BDA00038207530200001315
P1 calculate intersection:
Figure BDA0003820753020000141
22. for all relevance values S in the intersection J J P1 homomorphically adding the ciphertexts
Figure BDA0003820753020000142
Meanwhile, P1 performs ciphertext homomorphic addition on all recovery values Smin in the intersection J
Figure BDA0003820753020000143
P1 then converts the ciphertext AEnc (pk, S) J ) And AEnc (pk, S) min ) Sending the data to P2;
p2 ciphertext AEnc (pk, S) received J ) By a private key s k Decrypting to recover S' J
P2 will receive the ciphertext AEnc (pk, S) min ) By a private key s k Decrypting to recover S' min
25. The final privacy intersection summation result is S = S' J -S′ min
The addition homomorphic encryption algorithm comprises the following steps: generating a public key, encrypting and decrypting.
Generating a public key and a secret key:
randomly selecting large prime numbers p, q, and calculating N = pq and lambda = lcm (p-1, q-1)
Order function
Figure BDA0003820753020000144
x is a function independent variable selected randomly
Figure BDA0003820753020000145
Satisfies gcd (L (g) λ modN 2 ) N =1, (g, N) is the public key, and λ is the private key.
Encryption:
for a message m ∈ Z N ,Z N Representing a set of positive integers greater than 0 and less than N, the random number being arbitrarily chosen
Figure BDA0003820753020000146
Z * N The term "residue system" refers to a residue system of N, which is a residue domain obtained by a digital-to-analog N in an integer set for a specific positive integer N, and is encrypted to obtain a ciphertext C = AEnc (m is
C=g m r N modN 2
Wherein AEnc is an encryption module.
And (3) decryption:
for ciphertext
Figure BDA0003820753020000147
Decryption yields the plaintext m = ADec (c) as
Figure BDA0003820753020000148
Wherein ADec is the decryption module.
It should be understood that the specific order or hierarchy of steps in the processes disclosed is an example of exemplary approaches. Based upon design preferences, it is understood that the specific order or hierarchy of steps in the processes may be rearranged without departing from the scope of the present disclosure. The accompanying method claims present elements of the various steps in a sample order, and are not meant to be limited to the specific order or hierarchy presented.
In the foregoing detailed description, various features are grouped together in a single embodiment for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting an intention that the claimed embodiments of the subject matter require more features than are expressly recited in each claim. Rather, as the following claims reflect, invention lies in less than all features of a single disclosed embodiment. Thus, the following claims are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate preferred embodiment of the invention.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. To those skilled in the art; various modifications to these embodiments will be readily apparent, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
What has been described above includes examples of one or more embodiments. It is, of course, not possible to describe every conceivable combination of components or methodologies for purposes of describing the aforementioned embodiments, but one of ordinary skill in the art may recognize that many further combinations and permutations of various embodiments are possible. Accordingly, the embodiments described herein are intended to embrace all such alterations, modifications and variations that fall within the scope of the appended claims. Furthermore, to the extent that the term "includes" is used in either the detailed description or the claims, such term is intended to be inclusive in a manner similar to the term "comprising" as "comprising" is interpreted when employed as a transitional word in a claim. Furthermore, any use of the term "or" in the specification of the claims is intended to mean a "non-exclusive or".
Those of skill in the art will further appreciate that the various illustrative logical blocks, units, and steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate the interchangeability of hardware and software, various illustrative components, elements, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design requirements of the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present embodiments.
The various illustrative logical blocks or elements described in connection with the embodiments disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor, an Application Specific Integrated Circuit (ASIC), a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general-purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a digital signal processor and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a digital signal processor core, or any other similar configuration.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may be stored in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. For example, a storage medium may be coupled to the processor such the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC, which may be located in a user terminal. In the alternative, the processor and the storage medium may reside in different components in a user terminal.
In one or more exemplary designs, the functions described above in connection with the embodiments of the invention may be implemented in hardware, software, firmware, or any combination of the three. If implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer storage media and communication media that facilitate transfer of a computer program from one place to another. Storage media may be any available media that can be accessed by a general purpose or special purpose computer. For example, such computer-readable media can include, but is not limited to, RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to carry or store program code in the form of instructions or data structures and which can be read by a general-purpose or special-purpose computer, or a general-purpose or special-purpose processor. Additionally, any connection is properly termed a computer-readable medium, and, thus, is included if the software is transmitted from a website, server, or other remote source via a coaxial cable, fiber optic cable, twisted pair, digital Subscriber Line (DSL), or wirelessly, e.g., infrared, radio, and microwave. Such discs (disk) and disks (disc) include compact disks, laser disks, optical disks, DVDs, floppy disks and blu-ray disks, where magnetic discs generally reproduce data magnetically, while disks generally reproduce data optically with lasers. Combinations of the above may also be included in the computer-readable medium.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are merely exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (10)

1. A method of privacy intersection summation, comprising:
a first party system generates a first random privacy index;
the second party system generates a second random privacy index;
the second party system sequentially performs data confusion processing, data transformation processing and data filling processing on the second privacy data set to obtain a second processed privacy data set;
the first party system carries out data confusion processing and data filling processing on input data of a first privacy data set in sequence to obtain a first processed privacy data set;
according to the first random private index, the second random private index, the first processed private data set and the second processed private data set, determining an intersection of the first party private data set and the second party private data set by the second party system and the first party system according to a privacy intersection summation calculation protocol, and calculating an associated value encryption summation value containing a recovery value in the intersection and a recovery value encryption summation value corresponding to the associated value encryption summation value containing the recovery value;
the second party system decrypts the correlation value encryption summation value containing the recovery value and the recovery value encryption summation value to obtain a correlation value summation value containing the recovery value and a recovery value summation value;
and subtracting the recovery value summation value from the correlation value summation value containing the recovery value to obtain a correlation value summation value.
2. The privacy intersection summation method of claim 1 wherein prior to the second party system generating a random privacy index, the method further comprises: preparing input data for the second party system; preprocessing input data of the second party system to obtain a second privacy data set;
before the first-party system generates a random privacy index, the method further comprises: preparing input data for the first party system; and preprocessing input data of the first party system to obtain a first privacy data set.
3. The privacy intersection summation method of claim 1 wherein the second party system performs data obfuscation, data transformation, and data padding on the second privacy data set in sequence to obtain a second processed privacy data set, comprising:
generating confusion elements and sending a set of confusion elements to the first party system;
randomly obtaining a confusion element subset from the confusion element set;
performing data obfuscation on the second private data set by the subset of obfuscating elements;
performing data transformation processing on all the associated values in the second privacy data set subjected to data obfuscation;
randomly generating a second dummy, and filling the second dummy into a second privacy data set subjected to data confusion and data transformation processing to form a second processed privacy data set;
the first party system carries out data confusion processing and data filling processing on the first privacy data set in sequence to obtain a first processed privacy data set, and the method comprises the following steps:
receiving the confusion element set sent by the second party system, and performing data confusion on the first privacy data set through the confusion element set;
and randomly generating a first dummy, and filling the first dummy into a first privacy data set subjected to data confusion to form the first processed privacy data set.
4. The privacy intersection summation method according to claim 3 wherein said data transformation processing of all associated values in the second privacy data set that has been data obfuscated comprises:
the second party system traverses all the correlation values in the second privacy data set which is subjected to data confusion and data transformation processing, and finds out the minimum value in all the correlation values;
if the minimum value is greater than 0, taking 0 as a recovery value;
if the minimum value is less than 0, taking the minimum value as a recovery value;
converting all the correlation values into correlation values containing recovery values; the converting all the correlation values into the correlation values containing the recovery values comprises the following steps: subtracting the recovery value from each of the associated values, respectively.
5. The privacy intersection summation method of claim 1 wherein said determining, by the second party system and the first party system according to the first random privacy index, the second random privacy index, the first processed privacy data set, and the second processed privacy data set, an intersection of the first party privacy data set and the second party privacy data set according to a privacy intersection summation computation protocol and computing an associated value encrypted summation value containing a recovery value in the intersection and a recovery value encrypted summation value corresponding to the associated value encrypted summation value containing the recovery value comprises:
the second party system generates a homomorphic encryption key pair according to the preprocessed second input data, and sends a public key in the key pair to the first party system;
the first party system retrieves a first UID from the first processed privacy data set, performs blinding processing and scrambling processing on the first UID in sequence to obtain a first once-processed UID, and then sends the first once-processed UID to the second party system;
the second party system performs blinding processing and scrambling processing on the primary processed first UID again to obtain a secondary processed first UID, and then sends the secondary processed first UID to the first party system;
the second party system retrieves a second UID from the second processed privacy data set, and performs blinding processing and scrambling processing on the second UID in sequence to obtain a processed second UID;
the second party system retrieves the correlation value containing the recovery value from the second processed privacy data set, and sequentially performs homomorphic encryption processing and scrambling processing on the correlation value containing the recovery value to obtain an encrypted correlation value containing the recovery value;
the second party system performs homomorphic encryption processing on the recovery value to obtain an encrypted recovery value;
the second party system sends the processed second UID, the encrypted associated value containing the recovery value and the encrypted recovery value to the first party system;
the first party system matches the secondarily processed first UID with the processed second UID, and encrypts and sums the encrypted associated value and the encrypted recovery value which contain the recovery value and correspond to the UID which is successfully matched with the first UID respectively to obtain an associated value encrypted sum value containing the recovery value and a recovery value encrypted sum value;
and the first party system sends the correlation value encryption summation value containing the recovery value and the recovery value encryption summation value to the second party system.
6. An apparatus for privacy intersection summation, comprising:
the second system module is used for the second party system to generate the second random private index, and the second party system performs data confusion processing, data transformation processing and data filling processing on the second private data set in sequence to obtain a second processed private data set;
the first system module is used for the first party system to generate the first random private index, and the first party system performs data confusion processing and data filling processing on the input data of the first private data set in sequence to obtain a first processed private data set;
the first system module and the second system module are further configured to determine, according to the first random privacy index, the second random privacy index, the first processed privacy data set, and the second processed privacy data set, an intersection of the first party privacy data set and the second party privacy data set by the second party system and the first party system according to a privacy intersection summation calculation protocol, and calculate an associated value encryption summation value containing a recovery value in the intersection and a recovery value encryption summation value corresponding to the associated value encryption summation value containing the recovery value;
the second system module is further configured to decrypt the correlation value encrypted sum value containing the recovery value and the recovery value encrypted sum value to obtain a correlation value sum value containing the recovery value and a recovery value sum value;
and the second system module is also used for subtracting the recovery value summation value from the correlation value summation value of the recovery value to obtain a correlation value summation value.
7. The privacy intersection summing apparatus of claim 6, wherein the privacy intersection summing apparatus further comprises:
the second system module is also used for preprocessing the data of the second party system to obtain a second party privacy data set;
the first system module is further used for preprocessing data of the first party system to obtain a first party privacy data set.
8. The apparatus of claim 6, wherein the second system module is further to compute input data processing for a second privacy intersection sum, comprising:
for generating the confusion element, sending the set of confusion elements to the first party system;
randomly obtaining a confusion element subset from a confusion element set, and performing data confusion on the second meaning data set through the confusion element subset;
the data transformation processing is carried out on all the associated values in the second privacy data set subjected to data obfuscation;
the device is used for generating the second dummy, and filling the second dummy into a second privacy data set subjected to data obfuscation and data transformation processing to form the second processed privacy data set;
the first system module is further for summing a first private data set to compute an input data process, comprising:
the obfuscation element set is used for receiving the obfuscation element set sent by the second party system and performing data obfuscation on the first privacy data set through the obfuscation element set;
the method is used for generating a first dummy element, and filling the first dummy element into a first privacy data set subjected to data confusion to form the first processed privacy data set.
9. The apparatus of claim 8, wherein the second system module is further configured to perform a data transformation process in the second privacy intersection summation computation input data process, comprising:
and converting the negative integer in the correlation value into a non-negative integer when the correlation value is used for data transformation processing.
10. The apparatus of claim 6, wherein the second system module and the first system module are further for the second privacy intersection summation protocol execution, comprising:
the second system module is used for generating a homomorphic encryption key pair by the second party system according to the preprocessed second input data and sending a public key in the key pair to the first party system;
the first system module is used for retrieving a first UID from the first processed privacy data set, conducting blinding processing and scrambling processing on the first UID in sequence to obtain a first processed UID, and then sending the first sequentially processed UID to the second party system;
the second system module is used for retrieving a second UID from the second processed privacy data set and conducting blinding processing and scrambling processing on the second UID in sequence to obtain a processed second UID;
the second system module is used for retrieving the correlation value containing the recovery value from the second processed privacy data set, and sequentially performing homomorphic encryption processing and scrambling processing on the correlation value containing the recovery value to obtain an encrypted correlation value containing the recovery value;
the second system module is used for carrying out homomorphic encryption processing on the recovery value to obtain an encrypted recovery value;
the second system module is used for sending the processed second UID, the encrypted association value containing the recovery value and the encrypted recovery value to the first party system;
the first system module is used for matching the secondarily processed first UID with the processed second UID, and respectively carrying out encryption summation on the encryption associated value and the encryption recovery value which contain the reply bamboo and correspond to the UID which is successfully matched, so as to obtain an associated value encryption summation value containing the recovery value and a recovery value encryption summation value;
and the first system module sends the correlation value encryption summation value containing the recovery value and the recovery value encryption summation value to the second system.
CN202211050698.9A 2022-08-29 2022-08-29 Privacy intersection summing method and device Pending CN115473707A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211050698.9A CN115473707A (en) 2022-08-29 2022-08-29 Privacy intersection summing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211050698.9A CN115473707A (en) 2022-08-29 2022-08-29 Privacy intersection summing method and device

Publications (1)

Publication Number Publication Date
CN115473707A true CN115473707A (en) 2022-12-13

Family

ID=84368760

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211050698.9A Pending CN115473707A (en) 2022-08-29 2022-08-29 Privacy intersection summing method and device

Country Status (1)

Country Link
CN (1) CN115473707A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116488789A (en) * 2023-04-23 2023-07-25 北京火山引擎科技有限公司 Data processing method, device, equipment and medium
CN116488789B (en) * 2023-04-23 2024-06-07 北京火山引擎科技有限公司 Data processing method, device, equipment and medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116488789A (en) * 2023-04-23 2023-07-25 北京火山引擎科技有限公司 Data processing method, device, equipment and medium
CN116488789B (en) * 2023-04-23 2024-06-07 北京火山引擎科技有限公司 Data processing method, device, equipment and medium

Similar Documents

Publication Publication Date Title
CN109951453A (en) A kind of safe encryption method based on block chain
CN104967693B (en) Towards the Documents Similarity computational methods based on full homomorphism cryptographic technique of cloud storage
Charpentier et al. An asymmetric fingerprinting scheme based on Tardos codes
CN101964793A (en) Method and system for transmitting data between terminal and server and sign-in and payment method
CN114036565A (en) Private information retrieval system and private information retrieval method
CN115102688B (en) Data processing method, polynomial calculation method and electronic equipment
Goots et al. Modern Cryptography Protect your data with fast block CIPHERS
CN111342955B (en) Communication method and device and computer storage medium
US11431489B2 (en) Encryption processing system and encryption processing method
CN112929151B (en) Entity alignment method based on privacy protection and computer storage medium
Anandakumar Image cryptography using RSA algorithm in network security
CN112580071A (en) Data processing method and device
Sharma et al. Multi-image steganography and authentication using crypto-stego techniques
Wazery et al. A hybrid technique based on RSA and data hiding for securing handwritten signature
CN114374518B (en) PSI (program specific information) intersection information acquisition method and device with intersection counting function and storage medium
CN115473707A (en) Privacy intersection summing method and device
US20130058483A1 (en) Public key cryptosystem and technique
Adebayo et al. Data Privacy System Using Steganography and Cryptography
Shawkat et al. Optimization-based pseudo random key generation for fast encryption scheme
CN115913554B (en) Efficient trace federal learning method, system and related equipment based on national density
Rahouma Reviewing and applying security services with non-english letter coding to secure software applications in light of software trade-offs
Lone et al. A novel scheme for image authentication and secret data sharing
CN110084050B (en) Attribute-based encryption microgrid transaction method based on block chain
CN110572256B (en) Anti-quantum computing asymmetric key management method and system based on asymmetric key pool and implicit certificate
Srinivasarao et al. A technique for data encryption and decryption

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination