CN116303308A - Secret data sharing method and device, electronic equipment and storage medium - Google Patents

Secret data sharing method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN116303308A
CN116303308A CN202211736161.8A CN202211736161A CN116303308A CN 116303308 A CN116303308 A CN 116303308A CN 202211736161 A CN202211736161 A CN 202211736161A CN 116303308 A CN116303308 A CN 116303308A
Authority
CN
China
Prior art keywords
data
secret
private
order
secret data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211736161.8A
Other languages
Chinese (zh)
Other versions
CN116303308B (en
Inventor
张玉安
陈彦平
胡伯良
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Haitai Fangyuan High Technology Co Ltd
Original Assignee
Beijing Haitai Fangyuan High Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Haitai Fangyuan High Technology Co Ltd filed Critical Beijing Haitai Fangyuan High Technology Co Ltd
Priority to CN202211736161.8A priority Critical patent/CN116303308B/en
Publication of CN116303308A publication Critical patent/CN116303308A/en
Application granted granted Critical
Publication of CN116303308B publication Critical patent/CN116303308B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/17Details of further file system functions
    • G06F16/176Support for shared access to files; File sharing support
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a secret data sharing method, a secret data sharing device, electronic equipment and a storage medium, and relates to the technical field of information security; randomly generating scrambling code data according to the length of the secret data; performing first logic operation on the secret data content and the content of the scrambling code data to generate a plurality of private data; the invention generates private data by adding scrambling code and secret data through logic operation and distributes the private data to different members, secret data sharing can be realized without complex mathematical polynomial calculation, the invention is suitable for hardware realization, and can also be realized through software realization, and the realization is simple and convenient.

Description

Secret data sharing method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a secret data sharing method, a secret data sharing device, an electronic device, and a storage medium.
Background
In conventional information management systems, the security of sensitive information stored in the system may depend on a master key, which becomes a security key point of the whole system, and thus, a reliable person is also required to take care. If it is given to a separate manager for safekeeping, there may be drawbacks, such as the manager accidentally losing the master key, or he may not be able to take his job for his own reasons, which may result in some services or functions in the information system not being used properly. In addition, the personal quality of the administrator and his loyalty become important factors for system security. Therefore, some key information which needs important protection should be monitored by multiple persons. In cryptography, a method of sharing one piece of important information to a plurality of persons for storage is called a secret sharing method. Secret sharing is advantageous in that, on the one hand, rights are prevented from being excessively concentrated, and on the other hand, security and integrity of the secret can be ensured. In electronic information systems, secrets may include keys, sensitive messages, file information, communication information, and the like. However, the most common secret sharing method is to obtain a plurality of sub-secrets by dividing a complete secret into rights and responsibilities, and to respectively store the plurality of sub-secrets by N organizations or users, wherein the shared secret can be recovered only when at least R (R is more than or equal to 2 and less than or equal to N) organizations or users put their own shares together, otherwise, the secret cannot be recovered. However, some popular secret sharing schemes are complex to implement, large prime numbers are required to be set for large number multiplication and modulo operation, square power and Lagrange interpolation are even calculated, and some schemes based on public key cryptography are more complex, so that software programmers are annoyed, and when hardware is used for implementation, the hardware programming structure is complex, more system resources are consumed, and the efficiency is low.
Disclosure of Invention
The invention provides a secret data sharing method, a secret data sharing device, electronic equipment and a storage medium, which are used for solving the defects that a secret sharing scheme is complex to implement, a hardware programming structure is complex when the secret sharing scheme is implemented by using hardware, more system resources are consumed and the efficiency is low.
The invention provides a secret data sharing method, which comprises the following steps:
acquiring secret data;
randomly generating scrambling code data according to the length of the secret data;
performing first logic operation on the secret data content and the scrambling code data content to generate a plurality of private data;
and distributing the plurality of pieces of private data to a plurality of members to reconstruct the private data by performing a second logical operation on the private data of at least two members.
According to the secret data sharing method provided by the invention, the secret data comprises a secret high bit and a secret low bit, the scrambling code data comprises a scrambling code high bit and a scrambling code low bit, the secret data and the scrambling code data are subjected to first logic operation, and a plurality of private data are generated, including:
taking the scrambling code high order as a private high order, or carrying out exclusive OR operation on at least two of the secret high order, the scrambling code high order, the secret low order and the scrambling code low order to obtain the private high order;
taking the scrambling code low order as a private low order, or carrying out exclusive OR operation on at least two of the secret high order, the scrambling code high order, the secret low order and the scrambling code low order to obtain the private low order;
and splicing the private high-order bits and the private low-order bits to generate private data.
According to the secret data sharing method provided by the invention, before distributing the plurality of private data to a plurality of members, the secret data sharing method comprises the following steps:
adding a data formation mark of a preset byte number before the data is stored;
correspondingly, reconstructing the secret data by performing a second logical operation on the secret data of at least two members, including: and selecting a second logic operation corresponding to the data constitution mark to reconstruct the secret data according to the data constitution mark in the secret data to reconstruct the secret data.
According to the secret data sharing method provided by the invention, the secret data reconstruction is carried out by selecting the second logic operation corresponding to the data constitution mark, and the secret data sharing method comprises the following steps:
acquiring a private high-order and a private low-order of private data held by the private data providing member according to the data constitution mark provided by the private data;
exclusive OR operation is carried out on the private high-order and the private low-order provided by different members to obtain a reconstructed high-order and a reconstructed low-order of the reconstructed secret data;
and splicing the high-order and low-order of the reconstructed secret data to obtain the secret data.
The secret data sharing method provided by the invention further comprises the following steps:
when the secret data or the scrambling code data is updated, calculating an exclusive-or difference value of the secret data before updating and the secret data after updating, or calculating an exclusive-or difference value of the scrambling code data content before updating and the scrambling code data after updating;
calculating the data complement difference which needs to be added by each member according to the constitution form of the private data of each member, and accumulating the data complement difference on the private data of each member in an exclusive or operation mode in a balance change mode to obtain the updated private data of each member.
According to the secret data sharing method provided by the invention, when the secret data or the scrambling code data is updated, the secret data sharing method further comprises the following steps:
sending prompt update information to the member;
and if the feedback information of the updated member is received, the updated private data is sent to the member, and the private data before updating is deleted.
The secret data sharing method provided by the invention further comprises the following steps:
generating log information, wherein the log information at least comprises time for reconstructing the secret data, members for reconstructing the secret data, whether the secret data is updated or whether the scrambling code data is updated.
The invention also provides a secret data sharing device, which comprises:
the acquisition module is used for acquiring secret data;
the first generation module is used for randomly generating scrambling code data according to the secret data;
the second generation module is used for carrying out first logic operation on the secret data content and the content of the scrambling code data to generate a plurality of private data;
and the distribution module is used for distributing the plurality of private data to a plurality of members so as to reconstruct the private data after performing second logic operation on the private data of at least two members.
Optionally, the secret data includes a secret high bit and a secret low bit, the scrambling data includes a scrambling high bit and a scrambling low bit, and the second generating module includes:
the private high-order generation sub-module is used for taking the scrambling high-order as a private high-order, or performing exclusive OR operation on at least two of the secret high-order, the scrambling high-order, the secret low-order and the scrambling low-order to obtain the private high-order;
the private low-order generation sub-module is used for taking the scrambling low-order as a private low-order, or performing exclusive OR operation on at least two of the secret high-order, the scrambling high-order, the secret low-order and the scrambling low-order to obtain the private low-order;
and the private data generation sub-module is used for splicing the private high-order bits and the private low-order bits to generate private data.
Optionally, the apparatus further comprises:
the data formation mark adding module is used for adding a data formation mark with a preset byte number before the data is stored;
and the secret data reconstruction module is used for selecting a second logic operation corresponding to the data construction mark to reconstruct the secret data according to the data construction mark in the secret data for secret data reconstruction.
Optionally, the secret data reconstruction module includes:
the private high-order and private low-order sub-module is used for acquiring the private high-order and private low-order of the private data held by the private data providing member;
the reconstruction high-order and reconstruction low-order generation submodule is used for obtaining the reconstruction high-order and the reconstruction low-order of the secret data according to the second logic operation corresponding to the data formation mark by the private high-order and the private low-order provided by different members;
and the splicing sub-module is used for splicing the reconstructed high-order bits and the reconstructed low-order bits to reconstruct secret data.
Optionally, the apparatus further comprises:
the secret data updating module is used for calculating an exclusive-or difference value between the secret data before updating and the secret data after updating or calculating an exclusive-or difference value between the scrambling data before updating and the scrambling data after updating when the secret data or the scrambling data are updated;
and the private data updating module calculates the data complement difference required to be added by each member according to the private data composition form of each member, and accumulates the data complement difference on the private data of each member in an exclusive or operation mode in a balance change mode to obtain the updated private data of each member.
Optionally, the private data updating module is further configured to send update prompt information to a member, and if receiving feedback information that the member accepts the update, send updated private data to the member, and delete the private data before the update.
Optionally, the apparatus further comprises:
the log information generating module is used for generating log information, and the log information at least comprises time for reconstructing the secret data, members for reconstructing the secret data, whether the secret data is updated or whether the scrambling code data is updated.
The invention also provides an electronic device, which comprises a memory, a processor and a computer program stored in the memory and capable of running on the processor, wherein the processor realizes the secret data sharing method when executing the program.
The present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the secret data sharing method described above.
The invention provides a secret data sharing method, a secret data sharing device, electronic equipment and a storage medium, wherein secret data is acquired; randomly generating scrambling code data according to the length of the secret data; performing first logic operation on the secret data content and the content of the scrambling code data to generate a plurality of private data; the invention generates private data by adding scrambling code and secret data through logic operation and distributes the private data to different members, secret data sharing can be realized without complex mathematical polynomial calculation, and the invention is suitable for hardware realization, and software realization is also very simple and convenient.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of a secret data sharing method according to the present invention;
FIG. 2 is a second flow chart of the secret data sharing method according to the present invention;
FIG. 3 is a third flow chart of the secret data sharing method according to the present invention;
FIG. 4 is a flowchart of a secret data sharing method according to the present invention;
fig. 5 is a schematic functional structure diagram of the secret data sharing apparatus provided by the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Fig. 1 is a flowchart of a secret data sharing method provided by an embodiment of the present invention, where, as shown in fig. 1, the secret data sharing method provided by the embodiment of the present invention includes:
step 101, obtaining secret data;
in a specific embodiment, the secret data (for simplicity of explanation, denoted by K below) may be a set of key data, for example, any one string of key data, or may be a sensitive message, file data, communication information, etc., and the content and the data amount of the secret data are not limited. The secret data may be set for a long period of time, or may be changed or updated frequently.
Step 102, randomly generating scrambling code data (hereinafter, denoted by X for simplicity of explanation) according to the length of the secret data;
in a specific embodiment, the data length of X is the same as K, and X may be unchanged for a long period of time after setting, may also be changed frequently by both X and K, and may be changed once even once reconstructed, and X may be generated by a random number generator.
Step 103, performing first logic operation on the secret data content and the content of the scrambling code data to generate a plurality of private data;
step 104, distributing the multiple pieces of private data to multiple members, wherein the private data of at least two members can be reconstructed after performing a second logic operation.
In the embodiment of the present invention, the first logic operation and the second logic operation are logic operations that can be directly implemented through hardware, for example, an exclusive-or operation.
In one embodiment of the present invention, the private data is distributed to four members, and two or more members hold the private data to reconstruct the private data, and any one of the four private data is taken out, so that the private data cannot be guessed or deduced independently.
The traditional secret data sharing method is that a complete secret is processed by dividing the weight and the responsibility to obtain a plurality of sub-secrets, the plurality of sub-secrets are respectively handed to N organizations or users for common storage, and the shared secret can be recovered only when at least R (R is more than or equal to 2 and less than or equal to N) organizations or users put own shares together, otherwise, the secret cannot be recovered. However, some popular secret data sharing schemes are complex to implement, large prime numbers are required to be set for large number multiplication and modulo operation, square power and Lagrange interpolation are even calculated, and some schemes based on public key cryptography are more complex, so that software programmers are annoyed, and when hardware is used for implementation, the hardware programming structure is complex, more system resources are consumed, and the efficiency is low.
The secret data sharing method provided by the invention is characterized by acquiring secret data; randomly generating scrambling code data according to the length of the secret data; performing first logic operation on the content of the secret data and the content of the scrambling code data to generate a plurality of private data; the invention generates the private data by adding the scrambling code and the secret data through logic operation and distributes the private data to different members, secret data sharing can be realized without complex mathematical polynomial calculation, and the invention is suitable for hardware realization, and software realization is also very simple and convenient.
Based on any of the above embodiments, as shown in fig. 2, the secret data includes a secret high bit and a secret low bit, the scrambling data includes a scrambling high bit and a scrambling low bit, and the first logic operation is performed on the secret data and the scrambling data, to generate a plurality of private data, including:
step 201, taking the high scrambling code as the high private bit, or performing exclusive OR operation on at least two of the high secret bit, the high scrambling code, the low secret bit and the low scrambling code to obtain the high private bit;
in the embodiment of the invention, the private high-order is the scrambling high-order, or the secret high-order, the legal scrambling high-order, and the like;
202, taking a scrambling code low order as a private low order, or performing first logic operation on at least two of a secret high order, a scrambling code high order, a secret low order and a scrambling code low order to obtain the private low order;
in the embodiment of the invention, the private low-order bit is the scrambling low-order bit, or the secret low-order bit is the scrambling low-order bit, or the scrambling high-order bit is the scrambling low-order bit, etc.;
and 203, splicing the high private bit and the low private bit to generate private data.
For example, the private data is (secret high-order # -scrambling high-order) |scrambling low-order.
Specifically, the secret data is 10100101, the scrambling code data is 01011010, the secret high order is 1010, and the secret low order is 0101; the high order of the scrambling code is 0101, and the low order of the scrambling code is 1010; the private data is (1010 ± 0101) |1010= 11111010.
In the embodiment of the invention, the secret data sharing method specifically comprises the following steps:
equally dividing secret data into two parts, namely a secret high order and a secret low order;
for example, k=k1|k2, where the symbol "|" indicates that two pieces of data are concatenated into one piece, the left half K1 is high, and the right half K2 is low.
If the number of bits of the secret data is odd, a bit "0" may be padded later, and the number of bits is made even so that the length is the same after being divided into two parts.
Equally dividing scrambling code data into two parts, namely a scrambling code high bit and a scrambling code low bit;
in the embodiment of the present invention, an X equal to K is randomly generated, and is also divided into two equal-length blocks, i.e., x=x1|x2, where X1 is the high order of the scrambling code and X2 is the low order of the scrambling code.
It should be noted that, in the present invention, the data is divided into two parts according to high level and low level, and in fact, the "high level" and "low level" may be any positions selected, for example, the 1 st, 3 rd, 5 th, 7 th, … … th positions are used as low level, the 2 nd, 4 th, 6 th, 8 th, … … th positions are used as high level, and the determination modes of the "high level" and the "low level" are not limited in this application.
As a specific implementation manner, the high-order secret, the low-order secret, the high-order scrambling code and the low-order scrambling code are subjected to a first logic operation (the first logic operation comprises a preset combination principle) to generate four private parts, so that any two private parts in the four private parts are subjected to partial digital (comprising the high-order secret and the low-order secret) exclusive-or operation, and then secret data is reconstructed.
In some embodiments of the present invention, the data for sharing K and scrambling code X to four members of a, b, c, and d are as follows:
a= (k1+.x1) |x2;
b=x1| (k2| x 2);
c= (k1.k 2. X1) I (x 1. X2);
d= (k1.k 2. X1. X2) I (k1. X2);
where # -is an exclusive or operation. Because four persons do not know the complete X, four persons a, b, c, and t cannot alone effectively push out k1 or k2. But any two of them work together to find k1 and k2. The data of each person is divided into a left part and a right part, wherein the left part is called as a high position, and the right part is called as a low position. Thus, the data held by the four members A, B, C, and D can be referred to as A1|A2, B1|B2, C1|C2, and D1|D2, respectively.
It should be noted that if there are only three members in total, the private data of one member may be temporarily not provided, and if there are only two members in total, the private data of the other two members may be temporarily not provided.
In some embodiments of the present invention, secret data K and scrambling code X are shared among four people a, b, c, and d, and the data distributed to them is as follows:
nail a= (k1%x1) | (x1%x2);
b=x1| (k2| x 2);
c= (k1, k2 x 1) x2;
d= (k1.equal to @ x1. @ x 2) and (k2.times.1).
The data held by four persons a, B, C, and D can be referred to as a1|a2, b1|b2, c1|c2, and d1|d2, respectively.
It should be noted that, multiple private data combining schemes may be generated according to different combining relationships, which are not illustrated here.
The invention can be realized by adding scrambling codes without complex mathematical polynomial calculation through simple logic operation such as exclusive or operation, is suitable for hardware realization, and is simple and convenient for software realization.
Before distributing the plurality of pieces of private data to the plurality of members, as shown in fig. 3, the present invention further includes:
301. adding a data formation mark of a preset byte number before the data is stored; the data configuration flag indicates a configuration manner of the private data, for example, may indicate how the private data is configured according to the content of the secret data and the content of the scramble data, and more specifically, may indicate how the private data is configured according to the high order, the low order, and the high order, the low order of the scramble data, in other words, indicates an algorithm of a specific first logic operation.
302. Correspondingly, reconstructing the secret data by performing a second logical operation on the secret data of at least two members, including: and selecting a second logic operation corresponding to the data constitution mark to reconstruct the secret data according to the data constitution mark in the secret data to reconstruct the secret data.
When the secret data is reconstructed, the corresponding byte of the identity information does not participate in the arithmetic operation. By this embodiment, the reconstructed high order and the reconstructed low order of the secret data are obtained by selecting different second logical operations according to different data constitution flags. This embodiment thus provides a better protection of the secret data, largely avoiding that the secret data is hacked,
in order to accurately know the identity information of the private data providing member during system verification, for example, when the length of the private data is 16 bytes, one byte of ordering information can be added before 16 bytes of practical data of each person, 17 bytes, for example, the serial number of A is 1, the serial number of B is 2, and the like, are stored. After the data is read in, the system knows the serial numbers of the members according to the data, and then selects a corresponding second logic operation method. Obviously, the byte representing the sequence number is not involved in the second logical operation.
Based on any of the above embodiments, as shown in fig. 4, selecting the second logical operation corresponding to the private data providing data formation flag for the secret data reconstruction includes:
step 401, obtaining a high private level and a low private level of private data held by a private data providing member;
step 402, performing a second logic operation corresponding to the private data providing data forming mark on the private high-order and private low-order provided by different members to obtain a reconstructed high-order and a reconstructed low-order of the private data;
and 403, splicing the reconstructed high order and the reconstructed low order to reconstruct the secret data.
In a specific implementation, the second logical operation may be an exclusive-or operation.
Through the embodiment, the private data is divided into two parts, namely the private high order and the private low order, and the private high order and the private low order of the member can be utilized to carry out second logic operation on the realization of the reconstruction high order and the reconstruction low order, so that a plurality of different second logic operation modes can be realized, the corresponding second logic operation is selected according to the data constitution mark, the secret data can be better protected, and the secret data is prevented from being cracked to a great extent.
In one embodiment of the present invention, four pieces of private data are distributed to four members, as follows:
first private data: (secret high # -scrambling code high) i scrambling code low;
second private data: scrambling code high level (secret low level # -scrambling code low level);
third private data: (secret high. Secret low. Scrambling code high. Scrambling code low);
fourth private data: (secret high × secret low × secret scrambling code high × scrambling code low) | (secret high × scrambling code low);
wherein, the symbol| represents that two blocks of data are connected in series into one block, and the block is an exclusive-or operation.
Selecting a second logical operation method corresponding to the private data providing member for secret data reconstruction, comprising:
the logical operation method for the member providing the first private data and the member providing the second private data comprises exclusive OR operation of the private data of the two members.
The logical operation method for providing the member of the first private data and the member of the third private data comprises the steps of performing exclusive OR operation on the high order, the low order and the low order of the first private data to obtain the secret high order of the reconstruction key; and performing exclusive OR operation on the high-order bits of the first private data and the high-order bits of the third private data to obtain the secret low-order bits of the reconstruction key, and splicing the secret high-order bits of the reconstruction key with the secret low-order bits of the reconstruction key to obtain the reconstruction key.
The logical operation method for providing the members of the first private data and the members of the fourth private data comprises the steps of performing exclusive OR operation on the lower bits of the first private data and the lower bits of the fourth private data to obtain the secret upper bits of the reconstruction key, performing exclusive OR operation on the upper bits of the first private data, the lower bits of the first private data and the upper bits of the fourth private data to obtain the secret lower bits of the reconstruction key, and splicing the secret upper bits of the reconstruction key and the secret lower bits of the reconstruction key to obtain the reconstruction key.
The logical operation method for providing the members of the second private data and the members of the third private data comprises the steps of carrying out exclusive OR operation on the lower bits of the second private data, the upper bits and the lower bits of the third private data to obtain the secret upper bits of the reconstruction key, carrying out exclusive OR operation on the upper bits and the lower bits of the second private data and the lower bits of the third private data to obtain the secret lower bits of the reconstruction key, and splicing the secret upper bits of the reconstruction key and the secret lower bits of the reconstruction key to obtain the reconstruction key.
The logical operation method for providing the members of the second private data and the members of the fourth private data comprises the steps of carrying out exclusive OR operation on the high bits and the low bits of the second private data and the high bits of the fourth private data to obtain the secret high bits of the reconstruction key, carrying out exclusive OR operation on the high bits and the low bits of the second private data and the high bits and the low bits of the fourth private data to obtain the secret low bits of the reconstruction key, and splicing the secret high bits of the reconstruction key and the secret low bits of the reconstruction key to obtain the reconstruction key.
The logical operation method for providing the members of the third private data and the members of the fourth private data comprises the steps of carrying out exclusive OR operation on the high bits of the third private data, the high bits and the low bits of the fourth private data to obtain the secret high bits of the reconstruction key, carrying out exclusive OR operation on the high bits, the low bits and the low bits of the third private data to obtain the secret low bits of the reconstruction key, and splicing the secret high bits of the reconstruction key and the secret low bits of the reconstruction key to reconstruct the secret data.
As another example, if k=k1|k2, x=x1|x2, when the private data of the four members is as follows:
nail a= (k1%x1) | (x1%x2);
b=x1| (k2| x 2);
c= (k1, k2 x 1) x2;
d= (k1.equal to @ x1. @ x 2) and (k2.times.1).
Four-person four-choice two-combination has six possibilities, and the six cases are verified as follows:
(1) First and second cooperation
The a high bit and the B high bit are exclusive-ored to obtain k1, i.e., a1_b1= (k1_x1) ×1=k1.
The lower bits a and the higher bits B are exclusive-ored to obtain k2, that is, a2.cndot.b1.cndot.b2= (x1.cndot.x2) ×1.cndot.k2.cndot.k2.
(A1⊕B1)|(A2⊕B1⊕B2)=k1|k2=K。
(2) Nail and propyl cooperation
The three of the A high order, the A low order and the C low order are exclusive-ored to obtain k1, and the A high order and the C high order are exclusive-ored to obtain k2, namely:
(A1⊕A2⊕C2)|(A1⊕C1)=k1|k2=K。
(3) Latin cooperation
The exclusive OR of the lower A bit and the upper D bit is carried out to obtain k1, and the exclusive OR of the upper A bit, the lower A bit, the upper D bit and the lower D bit is carried out to obtain k2, namely:
(A2⊕D1)|(A1⊕A2⊕D1⊕D2)=k1|k2=K。
(4) Ethylene propylene collaboration
The four bits of B high bit, B low bit, C high bit and C low bit are exclusive-ored to obtain k1, and the B low bit and C low bit are exclusive-ored to obtain k2, namely:
(B1⊕B2⊕C1⊕C2)|(B2⊕C2)=k1|k2=K。
(5) Butyl acetate cooperation
The exclusive or of the lower bits B and the upper bits D and the lower bits D is obtained to obtain k1, and the exclusive or of the upper bits B and the lower bits D is obtained to obtain k2, namely:
(B2⊕D1⊕D2)|(B1⊕D2)=k1|k2=K。
(6) Protin cooperation
The exclusive OR of the C high bit and the D low bit is obtained as k1, and the exclusive OR of the C high bit, the C low bit and the D high bit is obtained as k2, namely:
(C1⊕D2)|(C1⊕C2⊕D1)=k1|k2=K。
in the embodiment of the invention, the secret data can be reconstructed through the private data held by any two members, and the secret data can be reconstructed by a logic operation method corresponding to the selection of the private data held by three members or four members.
Based on any one of the above embodiments, the secret data sharing method further includes:
sending update prompt information to the member;
and if the feedback information of the member receiving the update is received, the updated private data is sent to the member, and the private data before the update is deleted.
By the technical means, the private data can be updated at any time, and the dynamic of the private data can be realized, so that the secret is better protected.
Based on any one of the above embodiments, the secret data sharing method further includes:
when the secret data or the scrambling code data is updated, calculating an exclusive or difference value between the secret data before updating and the secret data after updating, or calculating an exclusive or difference value between the scrambling code data before updating and the scrambling code data after updating;
calculating the data complement difference which needs to be added by each member according to the constitution form of the private data of each member, accumulating the data complement difference on the private data of each member in an exclusive or operation mode in a balance change mode, and obtaining the updated private data of each member.
According to the embodiment, when the secret data and the scrambling code data are updated, but the secret data are not updated, the secret data can be reconstructed correctly, so that the secret data and the scrambling code data can be updated conveniently without synchronously updating the secret data of each member, and the secret data of each member is automatically updated when the secret data is reconstructed, and the method is more convenient to use. Assuming that four persons of A, B, C and T manage the entrance guard keys of a warehouse, the entrance guard keys of A and B are used for opening the door currently, if the entrance guard keys are changed after being used, the shared data of A and B can be updated immediately on the scene, however, when the entrance guard keys of C and T are opened in a few days, the entrance guard keys of A and B cannot be opened because the information of the entrance guard keys is not synchronously updated. For this purpose, a "balance change method" is proposed. And (3) reserving an account for each of the first person, the second person, the third person and the fourth person in the system, wherein the initial value is 0. When X or K is updated, calculating an exclusive or difference value between the new K and the old K, calculating an exclusive or difference value between the new X and the old X, then calculating an added data complement difference of each person according to a data form held by each person, and adding the complement difference or the complement difference to an account of each person in a balance change form.
For example, K is updated to K' and the scrambling code X is updated to Y. If K = p1|p2, X # = y=q1|q2, indicating that the original K1 is increased by the exclusive or difference p1, K2 is increased by the difference p2, X1 is increased by the difference q1, X2 is increased by the difference q2, the data of the nail is a= (K1X 1) |x2, and a change value (p1|q1) |q2 is added in the nail account, which changes the new data of the nail into (A1 # -p1|q1) | (A2) q 2). Similarly, from the data b=x1| (k2|x2), the change value q1| (p2|q2) is added to the account of B, it will make the new data of B (B1 q 1) | (B2 p2 #, q 2), … …. The "increment" described herein is accumulation in exclusive or form. Later, when they provide the system with the stored private data, the system will automatically exclusive-or accumulate the private data with the values in the corresponding accounts to obtain the correct private data.
Based on any one of the above embodiments, the secret data sharing method further includes:
generating log information including at least time at which the secret data was reconstructed, members of which the secret data was reconstructed, whether the secret data was updated or whether the scrambling data was updated.
The secret data sharing method provided by the invention can realize the technical effect that the secret data can be reconstructed only by the cooperation of a plurality of members, and the embodiment from two members to four members is optimized according to the actual application scene. Compared with the method using a threshold, the method is simpler, is easy to realize by hardware, and can realize secret data sharing after the updating of the scrambling data and/or the secret data.
The secret data sharing apparatus provided by the invention is described below, and the secret data sharing apparatus described below and the secret data sharing method described above can be referred to correspondingly.
Fig. 5 is a functional block diagram of a secret data sharing apparatus according to an embodiment of the present invention, where, as shown in fig. 5, the secret data sharing apparatus according to the embodiment of the present invention includes:
an obtaining module 501, configured to obtain secret data;
a first generating module 502, configured to randomly generate scrambling code data according to a length of the secret data;
a second generating module 503, configured to perform a first logic operation on the secret data content and the content of the scrambling code data, and generate a plurality of private data;
a distribution module 504, configured to distribute the plurality of private data to a plurality of members, where the private data is reconstructed by performing a second logic operation on the private data of at least two members.
According to the secret data sharing device, the secret data is shared by generating a plurality of private data by utilizing the logic operation between the randomly generated scrambling data and the secret data, the secret data is reconstructed by the logic operation between the private data, the purpose of protecting the secret data is achieved, and complex mathematical polynomial calculation is not needed. The technical scheme provided by the invention can be conveniently realized by hardware or software, and is simple and convenient to apply.
Optionally, the secret data includes a secret high bit and a secret low bit, the scrambling data includes a scrambling high bit and a scrambling low bit, and the second generating module includes:
the private high-order generation sub-module is used for taking the scrambling high-order as a private high-order, or carrying out exclusive-or operation on at least two of the secret high-order, the scrambling high-order, the secret low-order and the scrambling low-order to obtain at least two, carrying out exclusive-or operation to obtain at least two, and carrying out exclusive-or operation to obtain a private high-order;
the private low-order generation sub-module is used for taking the scrambling low-order as a private low-order, or carrying out exclusive-or operation on at least two of the secret high-order, the scrambling high-order, the secret low-order and the scrambling low-order to obtain at least two, carrying out exclusive-or operation to obtain at least two, and carrying out exclusive-or operation to obtain a private low-order;
and the private data generation sub-module is used for splicing the private high-order bits and the private low-order bits to generate private data.
Optionally, the apparatus further comprises:
the data formation mark adding module is used for adding a data formation mark with a preset byte number before the data is stored;
and the secret data reconstruction module is used for selecting a second logic operation corresponding to the data constitution mark to reconstruct the secret data according to the data constitution mark in the secret data for secret data reconstruction.
Optionally, the secret data reconstruction module includes:
the private high-order and private low-order sub-module is used for acquiring the private high-order and private low-order of the private data held by the private data providing member;
the reconstruction high-order and reconstruction low-order generation submodule is used for carrying out second logic operation corresponding to the private data providing data forming mark on the private high-order and private low-order provided by different members to obtain the reconstruction high-order and reconstruction low-order of the secret data;
and the splicing sub-module is used for splicing the reconstructed high-order bits and the reconstructed low-order bits to reconstruct secret data.
Optionally, the apparatus further comprises:
the secret data updating module is used for calculating an exclusive-or difference value between the secret data before updating and the secret data after updating or calculating an exclusive-or difference value between the scrambling data before updating and the scrambling data after updating when the secret data or the scrambling data are updated;
and the private data updating module calculates the data complement difference required to be added by each member according to the private data composition form of each member, and accumulates the data complement difference on the private data of each member in an exclusive or operation mode in a balance change mode to obtain the updated private data of each member.
Optionally, the private data updating module is further configured to send update prompt information to a member, and if receiving feedback information that the member accepts the update, send updated private data to the member, and delete the private data before the update.
Optionally, the apparatus further comprises:
the log information generating module is used for generating log information, and the log information at least comprises time for reconstructing the secret data, members for reconstructing the secret data, whether the secret data is updated or whether the scrambling code data is updated.
The functional modules of the secret data sharing device provided by the various embodiments of the invention can be realized in a computer software mode, the whole secret data sharing device can be realized in a user terminal mode, and the user terminal can be arranged in an internet system or a local area network system.
The invention also provides an electronic device, comprising: processor (processor), communication interface (communication interface), memory (memory) and communication bus, wherein processor, communication interface, memory accomplish each other's communication through communication bus. The processor executes the secret data sharing method by calling logic instructions in the memory, and the method comprises the following steps: acquiring secret data; randomly generating scrambling code data according to the length of the secret data; performing first logic operation on the secret data content and the content of the scrambling code data to generate a plurality of private data; and distributing the plurality of private data to a plurality of members to reconstruct the secret data after performing a second logic operation through the private data of at least two members. By this embodiment, the present invention is implemented as a physical device.
Further, the logic instructions in the memory described above may be implemented in the form of software functional units and stored in a computer-readable storage medium when sold or used as a stand-alone product. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method of the embodiments of the present invention. And the aforementioned storage medium includes: a usb disk, a removable hard disk, a Read-only memory (ROM), a random access memory (RAM, randomAccessMemory), a magnetic disk, or an optical disk, or other various media capable of storing program codes. Accordingly, the present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which when executed by a processor is implemented to perform the secret data sharing method provided by the above methods, the method comprising: acquiring secret data; randomly generating scrambling code data according to the length of the secret data; performing first logic operation on the secret data content and the content of the scrambling code data to generate a plurality of private data; and distributing the plurality of private data to a plurality of members to reconstruct the secret data after performing a second logic operation through the private data of at least two members. By this embodiment, the present invention is implemented in the form of a computer storage medium.
The apparatus embodiments described above are merely illustrative, in which modules illustrated as separate components may or may not be physically separate, and components that are modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or may be implemented by hardware. The above-described aspects may be implemented by a computer software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., and include several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform the various embodiments or methods of portions of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A secret data sharing method, comprising:
acquiring secret data;
randomly generating scrambling code data according to the length of the secret data;
performing first logic operation on the content of the secret data and the content of the scrambling data to generate a plurality of private data;
and distributing the plurality of pieces of private data to a plurality of members so as to reconstruct the private data by performing second logic operation on the private data of at least two members.
2. The secret data sharing method according to claim 1, wherein the secret data includes a secret high bit and a secret low bit, the scrambling data includes a scrambling high bit and a scrambling low bit, and the first logic operation is performed on the secret data and the scrambling data to generate a plurality of private data, including:
taking the scrambling code high order as a private high order, or carrying out exclusive OR operation on at least two of the secret high order, the scrambling code high order, the secret low order and the scrambling code low order to obtain the private high order;
taking the scrambling code low order as a private low order, or carrying out exclusive or operation on at least two of the secret high order, the scrambling code high order, the secret low order and the scrambling code low order to obtain at least two of the secret high order, the scrambling code low order and the scrambling code low order to obtain at least two of the secret low order;
and splicing the private high-order bits and the private low-order bits to generate private data.
3. The secret data sharing method of claim 1, further comprising, prior to distributing the plurality of pieces of secret data to the plurality of members:
adding a data formation mark of a preset byte number before the data is stored;
correspondingly, reconstructing the secret data by performing a second logical operation on the secret data of at least two members, including: and selecting a second logic operation corresponding to the data constitution mark to reconstruct the secret data according to the data constitution mark in the secret data to reconstruct the secret data.
4. A method of sharing secret data according to claim 3, wherein the selecting a second logical operation corresponding to the identity information of the member for secret data reconstruction comprises:
acquiring the high private level and the low private level of the private data held by the private data providing member;
performing a second logic operation corresponding to the private data providing data forming mark on the private high-order and private low-order provided by different members to obtain a reconstructed high-order and a reconstructed low-order of the secret data; and splicing the reconstructed high order and the reconstructed low order to reconstruct the secret data.
5. The secret data sharing method of claim 1, further comprising:
when the secret data or the scrambling code data is updated, calculating an exclusive-or difference value of the secret data before updating and the secret data after updating, or calculating an exclusive-or difference value of the scrambling code data before updating and the scrambling code data after updating;
calculating the data complement difference which needs to be added by each member according to the configuration form of the private data of each member, and accumulating the data complement difference on the private data of each member in an exclusive or operation mode in a balance change mode to obtain the updated private data of each member.
6. The secret data sharing method as claimed in claim 5, further comprising, upon updating the secret data or the scrambled data:
sending update prompt information to the member;
and if the feedback information of the member receiving the update is received, the updated private data is sent to the member, and the private data before the update is deleted.
7. The secret data sharing method of claim 1, further comprising:
generating log information, wherein the log information at least comprises time for reconstructing the secret data, members for reconstructing the secret data, whether the secret data is updated or whether the scrambling code data is updated.
8. A secret data sharing apparatus, comprising:
the acquisition module is used for acquiring secret data;
the first generation module is used for randomly generating scrambling code data according to the length of the secret data;
the second generation module is used for carrying out first logic operation on the content of the secret data and the content of the scrambling data to generate a plurality of private data;
and the distribution module is used for distributing the plurality of private data to a plurality of members so as to reconstruct the secret data after performing second logic operation on the private data of at least two members.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the secret data sharing method of any one of claims 1 to 7 when the program is executed by the processor.
10. A non-transitory computer readable storage medium having stored thereon a computer program, wherein the computer program when executed by a processor implements the secret data sharing method of any of claims 1 to 7.
CN202211736161.8A 2022-12-30 2022-12-30 Secret data sharing method and device, electronic equipment and storage medium Active CN116303308B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211736161.8A CN116303308B (en) 2022-12-30 2022-12-30 Secret data sharing method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211736161.8A CN116303308B (en) 2022-12-30 2022-12-30 Secret data sharing method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN116303308A true CN116303308A (en) 2023-06-23
CN116303308B CN116303308B (en) 2023-12-08

Family

ID=86821125

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211736161.8A Active CN116303308B (en) 2022-12-30 2022-12-30 Secret data sharing method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116303308B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003188867A (en) * 2001-12-20 2003-07-04 Nippon Telegr & Teleph Corp <Ntt> Secret information distributed sharing method, device for these, and program
JP2009288616A (en) * 2008-05-30 2009-12-10 Hitachi Ltd Secret sharing method, program and device
CN107124267A (en) * 2017-03-30 2017-09-01 宁波大学 A kind of fixation bit wide key generation method on crypto chip
CN112926087A (en) * 2021-03-09 2021-06-08 南京信息工程大学 Secret sharing method with verification function and high embedding capacity based on two-dimensional code
CN113242125A (en) * 2021-05-17 2021-08-10 长沙理工大学 Verifiable multi-secret sharing scheme of general access structure based on bilinear mapping
CN113407992A (en) * 2021-06-10 2021-09-17 交通银行股份有限公司 Trusted third party-based private data two-party security equality testing method
CN114760055A (en) * 2022-06-15 2022-07-15 山东区块链研究院 Secret sharing method, system, storage medium and device based on Messen prime number
CN114793167A (en) * 2022-03-09 2022-07-26 湖北工业大学 Network coding method, system and equipment based on block encryption and threshold sharing
CN114880693A (en) * 2022-07-08 2022-08-09 蓝象智联(杭州)科技有限公司 Method and device for generating activation function, electronic equipment and readable medium
CN115134086A (en) * 2022-05-25 2022-09-30 北京航空航天大学 Method and device for dynamic committee secret sharing and updating of asynchronous network

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003188867A (en) * 2001-12-20 2003-07-04 Nippon Telegr & Teleph Corp <Ntt> Secret information distributed sharing method, device for these, and program
JP2009288616A (en) * 2008-05-30 2009-12-10 Hitachi Ltd Secret sharing method, program and device
CN107124267A (en) * 2017-03-30 2017-09-01 宁波大学 A kind of fixation bit wide key generation method on crypto chip
CN112926087A (en) * 2021-03-09 2021-06-08 南京信息工程大学 Secret sharing method with verification function and high embedding capacity based on two-dimensional code
CN113242125A (en) * 2021-05-17 2021-08-10 长沙理工大学 Verifiable multi-secret sharing scheme of general access structure based on bilinear mapping
CN113407992A (en) * 2021-06-10 2021-09-17 交通银行股份有限公司 Trusted third party-based private data two-party security equality testing method
CN114793167A (en) * 2022-03-09 2022-07-26 湖北工业大学 Network coding method, system and equipment based on block encryption and threshold sharing
CN115134086A (en) * 2022-05-25 2022-09-30 北京航空航天大学 Method and device for dynamic committee secret sharing and updating of asynchronous network
CN114760055A (en) * 2022-06-15 2022-07-15 山东区块链研究院 Secret sharing method, system, storage medium and device based on Messen prime number
CN114880693A (en) * 2022-07-08 2022-08-09 蓝象智联(杭州)科技有限公司 Method and device for generating activation function, electronic equipment and readable medium

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
ELETTE BOYLE等: "Function Secret Sharing: Improvements and Extensions", 《CCS \'16: PROCEEDINGS OF THE 2016 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY》 *
ELETTE BOYLE等: "Homomorphic Secret Sharing: Optimizations and Applications", 《CCS \'17: PROCEEDINGS OF THE 2017 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY》 *
仲鑫玮: "基于隐写技术的安全可验证秘密图像分享方法研究", 《中国优秀硕士学位论文全文数据库》 *
郭娟娟等: "安全多方计算及其在机器学习中的应用", 《计算机研究与发展》 *

Also Published As

Publication number Publication date
CN116303308B (en) 2023-12-08

Similar Documents

Publication Publication Date Title
US11290266B2 (en) Secure multi-party computation method and apparatus, and electronic device
US11050561B2 (en) Multi-party security computing method and apparatus, and electronic device
JP7189953B2 (en) Computer-implemented system and method for performing computational tasks across a group that does not require management approval or that operates in a dealer-free manner
US11316676B2 (en) Quantum-proof multiparty key exchange system, quantum-proof multiparty terminal device, quantum-proof multiparty key exchange method, program, and recording medium
US20100217986A1 (en) Authenticated secret sharing
JP2020532168A (en) A computer-implemented method of generating a threshold vault
US7899184B2 (en) Ends-messaging protocol that recovers and has backward security
JP2020502856A5 (en)
CN111861473B (en) Electronic bidding system and method
CN110784320A (en) Distributed key implementation method and system and user identity management method and system
TW201937899A (en) Computer implemented method and system for obtaining digitally signed data
CN109274492B (en) Self-secure tightly coupled secret sharing method
CN109768863A (en) A kind of block chain key based on elliptic curve is shared and dynamic updating method
CN106127081B (en) The open data fault-tolerant method for secure storing that can verify that
CN111859424B (en) Data encryption method, system, terminal and storage medium of physical management platform
CN109257169A (en) Sequence communication can verify that threshold amount sub-secret sharing method
KR20230078767A (en) Redistribution of secret shares
CN106712942A (en) SM2 digital signature generation method and system based on secret sharing
CN112035574A (en) Private data distributed storage method based on block chain technology
WO2013136235A1 (en) Byzantine fault tolerance and threshold coin tossing
CN117254897B (en) Identity base matrix homomorphic encryption method based on fault-tolerant learning
JP2017130720A (en) Ciphertext management method, ciphertext management device and program
CN116303308B (en) Secret data sharing method and device, electronic equipment and storage medium
CN117155551A (en) Secret information sharing method, system, equipment and storage medium
CN105099693B (en) A kind of transmission method and transmitting device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant