CN116401686A - Homomorphic encryption-based multiparty privacy set operation method and system
- Publication number: CN116401686A (application number CN202310333682.7A)
- Authority: CN (China)
- Prior art keywords: participants, bloom filter, cloud server, party, ciphertext
- Legal status: Pending
Classifications
- G06F21/602—Providing cryptographic facilities or services (under G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F21/60—Protecting data)
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures (under G06F21/00; G06F21/60—Protecting data)
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate (under Y02D30/00—Reducing energy consumption in communication networks)
Abstract
The invention discloses a multiparty privacy set operation method and system based on homomorphic encryption. The method comprises the following steps: obtaining a public key and a private key; generating private keys for all participants; determining the parameters of a bloom filter; each participant encrypts its bloom filter structure with the public key to obtain a ciphertext and sends the ciphertext to a cloud server; the cloud server receives a request from a designated participant, performs the secret state (ciphertext-domain) calculation and sends the result to the other participants; the other participants compute decryption shares and send them to the cloud server, the cloud server performs exponentiation on the decryption shares of the other participants and multiplies the results together to obtain the intermediate value required for decryption by the designated participant, and sends the intermediate value and the secret state calculation result to the designated participant; the designated participant decrypts to obtain the bloom filter plaintext and queries it to obtain the set it requires. The invention ensures that no information other than the result is revealed and expands the applicable scenarios of the privacy set exchange protocol.
Description
Technical Field
The invention belongs to the technical field of encryption, and particularly relates to a multiparty privacy set operation method and system based on homomorphic encryption.
Background
In the era of big data and artificial intelligence, different applications hold different data about users; the data circulate between programs, and each party mines them to create greater value and a better user experience, but in the process a large amount of private user data is leaked and the personal information of citizens cannot be protected. How to protect the privacy of user data while still extracting its value has become the main reason for the rise of secure multiparty computation.
In the prior art, polynomial methods are generally used, but they are unsuitable for the current big data environment because of the computational burden of higher-order polynomial interpolation and factorization; schemes that require a known complete set force all participants to spend considerable cost at the outset agreeing on the complete set and cause unnecessary information leakage; and the participants in prior art schemes need a large amount of interaction and must perform a large amount of secret computation locally.
Accordingly, there is a need to improve upon the above deficiencies of the prior art.
Disclosure of Invention
In order to solve the problems in the prior art, the invention provides a multiparty privacy set operation method and a multiparty privacy set operation system based on homomorphic encryption. The technical problems to be solved by the invention are realized by the following technical scheme:
in a first aspect, the present invention provides a method for computing a multiparty privacy set based on homomorphic encryption, including:
generating initial parameters by using a parameter generating mechanism, and acquiring a public key and a private key according to the initial parameters;
generating private keys of all the participants according to a Shamir (t, n) threshold secret sharing scheme;
the parameter generating mechanism interacts with all the participants to determine parameters of the bloom filter;
each participant represents the corresponding set element as a bloom filter structure, encrypts the bloom filter structure by using a public key to obtain a ciphertext, and sends the ciphertext to a cloud server;
a designated participant sends a request to the cloud server; the cloud server receives the request, performs the secret state (ciphertext-domain) calculation, and sends the secret state calculation result to the other participants;
the cloud server interacts with other participants, the other participants calculate decryption shares and send the decryption shares to the cloud server, the cloud server performs power operation on the decryption shares of the other participants and then performs accumulation multiplication to obtain intermediate values required by decryption of the designated participants, and the intermediate values and the secret state calculation result are sent to the designated participants;
and the designated party decrypts the intermediate value and the secret state calculation result to obtain a bloom filter plaintext, and queries the bloom filter plaintext to obtain a set required by the designated party.
In a second aspect, the present invention further provides a homomorphic encryption-based multiparty privacy set computing system, including:
the first parameter generation module is used for generating parameters by using the parameter generation mechanism and acquiring a public key and a private key according to the parameters;
the parameter generation module II is used for generating private keys of all the participants according to a Shamir (t, n) threshold secret sharing scheme;
the parameter determining module of the bloom filter is used for interacting the parameter generating mechanism with all the participants to determine the parameters of the bloom filter;
the interaction module I is used for each participant to represent the corresponding set element as a bloom filter structure, encrypt the bloom filter structure by using a public key to obtain a ciphertext, and send the ciphertext to the cloud server;
the second interaction module is used for a designated participant to send a request to the cloud server, and for the cloud server to receive the request, perform the secret state calculation and send the secret state calculation result to the other participants;
the interaction module III is used for interacting the cloud server with other participants, calculating decryption shares by the other participants, sending the decryption shares to the cloud server, performing power operation on the decryption shares of the other participants by the cloud server, performing cumulative multiplication to obtain an intermediate value required by decryption of the designated participant, and sending the intermediate value and a secret state calculation result to the designated participant;
the result acquisition module is used for decrypting the intermediate value and the secret state calculation result by the designated party to obtain a bloom filter plaintext, and inquiring by using the bloom filter to obtain a set required by the designated party.
The invention has the beneficial effects that:
The multiparty privacy set operation method and system based on homomorphic encryption provided by the invention use the BGN encryption algorithm and realize the intersection with the union of multiparty privacy sets based on its property of supporting multiple homomorphic additions and one homomorphic multiplication; they avoid using a vector that represents the elements of the complete set, so the method is more flexible and the participants need not mutually confirm the complete set before executing the protocol. The bloom filter data structure is used instead of a polynomial representation of sets, and the method adapts to large-scale data because of the characteristics of a bloom filter. A cloud server is used, so the participants interact only with the cloud server and not with each other, and a large amount of computation is delegated to the cloud server, which reduces the data that must be computed locally and makes the method lightweight and user-friendly.
The present invention will be described in further detail with reference to the accompanying drawings and examples.
Drawings
FIG. 1 is a flowchart of a method for computing a multiparty privacy set based on homomorphic encryption according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a multiparty privacy set computing system based on homomorphic encryption according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to specific examples, but embodiments of the present invention are not limited thereto.
In the prior art, Freedman first proposed the concept of a private set intersection protocol in 2004, and over the past twenty years private set intersection has gradually matured; in particular, the efficiency of two-party private set intersection protocols is close to optimal. Existing private set intersection protocols are mostly constructed from oblivious transfer, homomorphic encryption, polynomials and similar methods. Privacy-preserving set intersection computes the intersection without revealing other information about the participants, but a plain intersection is hard to fit to some practical situations. For example, in infectious disease prevention and control, an epidemic prevention agency cooperates with manufacturers of electronic equipment (such as smartphones, tablet computers, vehicles or wearable devices) or telecommunications providers to geolocate and thereby identify susceptible people; users' geographic information is personal privacy, and there are usually several servers storing users' personal location data, so this application scenario requires a technique for intersection with a multiparty privacy set union.
Most current private set intersection and private set union techniques do not extend naturally to the multiparty intersection-with-union technique. The problem of intersecting a designated party's private set with the union of all other parties' private sets was posed in the paper Privacy-Preserving Set Operations by Kissner and Song, in which set elements are the roots of a polynomial, one polynomial represents one set, and intersection and union are obtained by securely computing multiplications and additions of polynomials; however, because the participants' sets are represented as polynomials, this technique must compute high-order interpolation and factorization on large-scale data, and its computational cost is too high for the current big data environment.
Anunay Kulshrestha et al., in the paper Estimating Incidental Collection in Foreign Intelligence Surveillance: Large-Scale Multiparty Private Set Intersection with Union and Sum, propose a multiparty private set intersection protocol and extend it into a protocol for intersection with a multiparty private set union; the scheme mainly exploits the properties of DH tuples, but it requires a large amount of communication among the participants, all computation is borne by each participant, and it is not friendly to lightweight users.
In addition, there are some general techniques for privacy-preserving mixed set operations. For example, Wang et al. propose a recent technique in Privacy-Preserving Mixed Set Operations that maintains a vector representing a complete set (the complete set must contain the union of all participants' private sets); each participant performs the corresponding computation on each component according to whether the complete-set element is in its own set, so as to obtain a vector representing the target set. Because the complete set must be known to every party, all parties have to agree on it in advance by communication, which makes the scheme less flexible. Moreover, this approach requires a large amount of interaction between the parties during execution.
In the era of big data and artificial intelligence, data has become a basic resource, and different applications hold different data about users. All parties acquire more resources through data sharing and mine a large amount of useful information from them, which brings a good user experience and creates greater value. However, large-scale data mining leaks users' sensitive information, and citizens' privacy cannot be guaranteed. Set intersection and union are the simplest operations for processing set data, and in some application scenarios only the intersection with a multiparty privacy set union is needed. In view of this, to ensure data security while mining the value of data, the invention provides an algorithm for computing the intersection with the union of multiparty privacy sets.
Secondly, most current schemes of this kind do not introduce cloud computing, so participants must have a certain computing capacity; in the era of massive data, large-scale data sets often have to be handled, which raises the requirements on the participants' computing capacity further. In view of this, the invention introduces a cloud server into the protocol design: a participant only needs to encrypt and upload its data, the cloud server executes the computation once a set operation request has been sent, and the participant only needs to wait for the cloud server to return the ciphertext result.
In summary, to overcome the defects of the prior art, the invention provides a homomorphic encryption-based multiparty privacy set operation method and system which ensure that no information other than the result is revealed and migrate the computation to a cloud server, thereby expanding the application scenarios of the privacy set exchange protocol and better serving practical requirements.
Referring to fig. 1, fig. 1 is a flowchart of a method for computing a multi-party privacy set based on homomorphic encryption according to an embodiment of the present invention, where the method for computing a multi-party privacy set based on homomorphic encryption includes:
s101, generating initial parameters by using a parameter generating mechanism, and acquiring a public key and a private key according to the parameters.
Specifically, the public key and the private key are acquired through the following procedure in the present embodiment.
S1011, the parameter generating mechanism PG selects a security parameter and generates composite-order bilinear map parameters, where $q_1$ and $q_2$ are two primes, the two cyclic groups are of order $N = q_1 q_2$, and $e$ is a bilinear map between them;
S1012, two generators $g$ and $u$ of the cyclic group of order $N$ are randomly selected, yielding a random generator $h$ of the subgroup of order $q_1$, whose expression is as follows:
S1013, according to the composite-order bilinear map parameters, the generator $g$ of the cyclic group of order $N$ and the generator $h$ of its subgroup of order $q_1$, the public key and the private key are obtained; the public key is published and the private key is kept secret.
S102, generating private keys of all the participants according to a Shamir (t, n) threshold secret sharing scheme.
Specifically, the private key of the participant is acquired through the following procedure in the present embodiment.
S1021, the parameter generating mechanism PG randomly selects parameters $a_j$ from $\{0, \dots, N-1\}$ and constructs a polynomial function $f(X)$, whose expression is as follows:
wherein $n$ is the total number of participants, $j$ is an index, $X^j$ is the indeterminate part of one term of the polynomial, and the constant term of $f(X)$ is $a_0 = q_1$;
S1022, according to the polynomial function, the parameter generating mechanism PG sends each party $P_i$ the share $s_i = f(i)$, generating the private key $sk_i = s_i$ of each party $P_i$, where $j = 1, \dots, n-1$, $i = 1, \dots, n$, and $i$ indexes the $i$-th party.
S103, the parameter generating mechanism interacts with all the participants to determine parameters of the bloom filter.
Specifically, the parameters of the bloom filter are determined by the following procedure in the present embodiment.
S1031, each participant $P_i$ uses the public key to encrypt the parameter giving the upper limit of the size of the privacy set it holds, obtains an encryption result and sends it to the parameter generating mechanism PG; here $i = 1, \dots, n$ and $r$ is a parameter randomly selected from $\{0, 1, \dots, N-1\}$;
S1032, the parameter generating mechanism PG decrypts the encryption results to obtain the parameters, then selects the false positive rate fpp of the bloom filter and determines the size $m$ of the bloom filter and the number $k$ of its hash functions; the expressions are as follows:
S1033, the parameter generating mechanism PG selects the $k$ hash functions $h_l$ of the bloom filter and determines and publishes the parameters of the bloom filter, which include $v_{\max}$, fpp, $m$, $k$ and $h_l$, $l = 1, \dots, k$, where $l$ is the index identifying the $k$ hash functions.
And S104, each participant represents the corresponding aggregate element as a bloom filter structure, encrypts the bloom filter structure by using a public key to obtain a ciphertext, and sends the ciphertext to the cloud server.
Specifically, in this embodiment, the ciphertext of the bloom filter structure corresponding to each participant is obtained through the following procedure.
S1041, each party $P_i$ generates an initial bloom filter $BF_i$ in which the value of every position is initialized to 0;
S1042, the $k$ hash values of each element $x_{i,j}$ in the privacy set of each party $P_i$ are obtained, i.e. $h_1(x_{i,j}), h_2(x_{i,j}), \dots, h_k(x_{i,j})$; here $x_{i,j} \in X_i$, $X_i$ is the privacy set of party $P_i$, $i = 1, \dots, n$, $n$ is the total number of participants, $j = 1, \dots, v_i$, $v_i$ is the size of the privacy set $X_i$ of party $P_i$, and $h_1, h_2, \dots, h_k$ are the $k$ hash functions of the bloom filter;
S1043, each party $P_i$ uses the $k$ hash values of each element $x_{i,j}$ of its privacy set as index values to obtain its corresponding bloom filter, whose value at position $\gamma$, $\gamma = 1, \dots, m$ (where $m$ is the bloom filter size), is given by:
S1044, each participant $P_i$ encrypts its corresponding bloom filter with the public key to obtain the encrypted bloom filter, i.e. the ciphertext, with the following expression:
wherein the $j$-th component is the ciphertext of the $j$-th position of the encrypted bloom filter, and $r_{i,j}$ is a parameter randomly selected from the residue classes modulo $N$;
S1045, party $P_i$ sends the ciphertext to the cloud server.
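As an added example, not code from the patent, the following Python script implements the bloom-filter side of S103 and S104 and the set logic that the protocol evaluates under encryption: sizing $m$ and $k$ from $v_{\max}$ and fpp, mapping each element to $k$ positions with hash functions $h_1, \dots, h_k$, building each party's filter, OR-ing the other parties' filters (the union $X'_{res}$) and AND-ing the result with $P_1$'s filter ($X_{res}$), then querying $P_1$'s own elements. The sizing formulas are the standard bloom filter ones, used here as an assumption because the patent's own expressions are not reproduced on this page; the SHA-256-based construction of $h_l$, the sample sets and the parameter values are likewise constructed for the example. Everything runs in the clear; in the protocol the same OR and AND are carried out by the cloud server on ciphertexts.

```python
import hashlib
import math
from typing import Iterable, List


def bloom_params(v_max: int, fpp: float):
    """S1032 (assumed standard formulas): bit-array size m and hash count k
    for at most v_max elements at target false-positive rate fpp."""
    if v_max <= 0 or not 0.0 < fpp < 1.0:
        raise ValueError("v_max must be positive and 0 < fpp < 1")
    m = math.ceil(-v_max * math.log(fpp) / math.log(2) ** 2)
    k = max(1, round(m / v_max * math.log(2)))
    return m, k


def hash_positions(x: str, m: int, k: int) -> List[int]:
    """h_1(x), ..., h_k(x): k positions in [0, m). Assumed construction:
    SHA-256 over the hash index l followed by the element, reduced mod m."""
    out = []
    for l in range(1, k + 1):
        digest = hashlib.sha256(l.to_bytes(2, "big") + x.encode("utf-8")).digest()
        out.append(int.from_bytes(digest, "big") % m)
    return out


def build_filter(elements: Iterable[str], m: int, k: int) -> List[int]:
    """S1041-S1043: start from all zeros and set the k positions of each element."""
    bf = [0] * m
    for x in elements:
        for pos in hash_positions(x, m, k):
            bf[pos] = 1
    return bf


def contains(bf: List[int], x: str, m: int, k: int) -> bool:
    """Membership query: every one of the k positions is set.
    False positives are possible; false negatives are not."""
    return all(bf[pos] == 1 for pos in hash_positions(x, m, k))


def union_filter(filters: List[List[int]]) -> List[int]:
    """Position-wise OR: what S1052 computes by summing ciphertexts
    (a position is set in the union iff the sum of the bits is non-zero)."""
    return [1 if any(f[j] for f in filters) else 0 for j in range(len(filters[0]))]


def intersect_filter(a: List[int], b: List[int]) -> List[int]:
    """Position-wise AND: what S1053 computes with the one homomorphic multiplication."""
    return [x & y for x, y in zip(a, b)]


def target_set(x1: List[str], x_others: List[List[str]], m: int, k: int) -> List[str]:
    """X_res = X_1 ∩ (X_2 ∪ ... ∪ X_n), decoded as P_1 does in S1073 by
    querying each of its own elements against the plaintext filter M."""
    bf1 = build_filter(x1, m, k)
    others = [build_filter(xs, m, k) for xs in x_others]
    M = intersect_filter(bf1, union_filter(others))
    return sorted(x for x in x1 if contains(M, x, m, k))


# Constructed sample sets for three parties; P_1 is the designated party.
X1 = ["alice", "bob", "carol", "dave"]
X2 = ["bob", "erin"]
X3 = ["carol", "dave", "frank"]
V_MAX, FPP = 16, 0.001   # upper bound on any party's set size, target false-positive rate


def run_example() -> List[str]:
    m, k = bloom_params(V_MAX, FPP)
    return target_set(X1, [X2, X3], m, k)


if __name__ == "__main__":
    print(bloom_params(V_MAX, FPP), run_example())
```

Two things the plaintext run makes visible that the protocol description leaves implicit: the result inherits the bloom filter's false-positive rate, so fpp is a correctness parameter that $P_1$ and PG must agree on, not just a sizing knob; and the AND with $P_1$'s own filter does not change which of $P_1$'s elements are reported (every position of an element in $X_1$ is already set in $BF_1$), so its purpose is to clear the union's positions that belong only to the other parties' elements, which is what limits what $P_1$ learns about $X_2, \dots, X_n$ beyond the intersection.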
S105, the designated party sends a request to the cloud server, the cloud server receives the request, performs the secret state calculation, and sends the secret state calculation result to other parties.
Specifically, in this embodiment, the secret calculation result is obtained through the following procedure and sent to other parties.
S1051, the designated party $P_1$ sends a request to the cloud server; specifically, the designated party $P_1$ sends its own ID to the cloud server to initiate the request;
S1052, the cloud server selects the ciphertexts corresponding to the other participants $P_i$, $i = 2, 3, \dots, n$, and, using the additive homomorphism of the encryption algorithm, obtains the ciphertext of the bloom filter corresponding to $X'_{res}$:
wherein $C'_j$ is the ciphertext of the $j$-th position of the encrypted bloom filter corresponding to $X'_{res}$, $r'_{i,j}$ is a randomly selected parameter, and $j = 1, \dots, m$;
S1053, the cloud server homomorphically multiplies the ciphertext of the designated party $P_1$ by the ciphertext of the bloom filter corresponding to $X'_{res}$ to obtain the ciphertext of the bloom filter corresponding to $X_{res}$, with the expression:
wherein $C_j$ is the ciphertext of the $j$-th position of the encrypted bloom filter corresponding to $X_{res}$, $\alpha q_2$ is a parameter satisfying the constraint given in the expression, $r_j$ is a randomly selected parameter, $j = 1, \dots, m$, and an intermediate reference parameter is also used;
S1054, the cloud server sends the ciphertext of the bloom filter corresponding to the set $X_{res}$ required by the designated party to the other participants $P_i$.
S106, the cloud server interacts with the other participants: the other participants compute decryption shares and send them to the cloud server, the cloud server performs exponentiation on the decryption shares of the other participants and then multiplies the results together to obtain the intermediate value required for decryption by the designated participant, and sends the intermediate value and the secret state calculation result to the designated participant.
Specifically, the intermediate value required for decryption by the designated party is acquired by the following procedure in the present embodiment.
S1061, the other participants $P_i$ use their private keys $sk_i$ to compute their decryption shares and send them to the cloud server; the expression of the decryption share is:
S1062, the cloud server obtains the intermediate value SC required by the designated party $P_1$ to decrypt the ciphertext of the bloom filter corresponding to $X_{res}$, expressed as:
$SC = (SC_1, SC_2, \dots, SC_m)$;
where $\Delta = n!$, $i'$ is an index, and mod denotes the modulo operation;
S1063, the cloud server sends the ciphertext of the bloom filter corresponding to the set $X_{res}$ required by the designated party and the intermediate value SC to the designated party $P_1$.
And S107, decrypting the intermediate value and the secret state calculation result by the designated party to obtain a bloom filter plaintext, and inquiring by using the bloom filter to obtain a set required by the designated party.
Specifically, the set required for specifying the participants is acquired through the following procedure in the present embodiment.
S1071, the designated party $P_1$ uses its private key $sk_1$ to exponentiate each $C_j$ of the received ciphertext, obtaining the corresponding value for the bloom filter; the expression is as follows:
S1072, the designated party $P_1$ receives the intermediate value SC and decrypts to obtain the bloom filter plaintext $M_j$, whose expression is:
where $j = 1, \dots, m$ is the corresponding position in the ciphertext, $\Delta = n!$, if $M_j = 1$ the $j$-th position of the plaintext bloom filter is set and otherwise it is not, and $I$ is the index set of all participants;
S1073, the designated party $P_1$ queries the bloom filter plaintext $M_j$ to obtain the set $X_{res}$ it requires.
In summary, the multiparty privacy set operation method based on homomorphic encryption provided by the invention uses the BGN encryption algorithm and realizes the intersection with the union of multiparty privacy sets based on its property of supporting multiple homomorphic additions and one homomorphic multiplication; it avoids using a vector that represents the elements of the complete set, so the method is more flexible and the participants need not mutually confirm the complete set before executing the protocol. The bloom filter data structure is used instead of a polynomial representation of sets, and the method adapts to large-scale data because of the characteristics of a bloom filter. A cloud server is used, so the participants interact only with the cloud server and not with each other, and a large amount of computation is delegated to the cloud server, which reduces the data that must be computed locally and makes the method lightweight and user-friendly.
Based on the same inventive concept, please refer to fig. 2, fig. 2 is a schematic diagram of a multiparty privacy set computing system based on homomorphic encryption provided in an embodiment of the present invention, and the present invention further provides a multiparty privacy set computing system based on homomorphic encryption, which includes:
a first parameter generating module 201, configured to generate an initial parameter using a parameter generating mechanism, and obtain a public key and a private key according to the parameter;
the second parameter generating module 202 is configured to generate a private key of each participant according to a Shamir (t, n) threshold secret sharing scheme;
the parameter determining module 203 of the bloom filter is configured to interact with all the participants by using the parameter generating mechanism to determine parameters of the bloom filter;
the first interaction module 204 is used for each participant to represent its set elements as a bloom filter structure, encrypt the bloom filter structure with the public key to obtain a ciphertext, and send the ciphertext to the cloud server;
the second interaction module 205 is configured for a designated participant to send a request to the cloud server, and for the cloud server to receive the request, perform the secret state calculation and send the secret state calculation result to the other participants;
the third interaction module 206 is used for the cloud server to interact with the other participants: the other participants compute decryption shares and send them to the cloud server, the cloud server performs exponentiation on the decryption shares of the other participants and then multiplies the results together to obtain the intermediate value required for decryption by the designated participant, and sends the intermediate value and the secret state calculation result to the designated participant;
the result obtaining module 207 is configured for the designated party to decrypt the intermediate value and the secret state calculation result to obtain a bloom filter plaintext, and to query the bloom filter to obtain the set required by the designated party.
In particular, the homomorphic encryption-based multiparty privacy set computing system provided by the invention can be applied to any scene requiring calculation of intersection with a multiparty privacy set union set, for example, the scene of tracking the contact person or susceptible sensitive crowd of the infectious disease.
It should be noted that in this document relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that an article or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in an article or apparatus that comprises the element. The terms "connected" or "connected," and the like, are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. The orientation or positional relationship indicated by "upper", "lower", "left", "right", etc. is based on the orientation or positional relationship shown in the drawings, and is merely for convenience of description and to simplify the description, and is not indicative or implying that the apparatus or elements referred to must have a specific orientation, be constructed and operated in a specific orientation, and therefore should not be construed as limiting the invention.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the particular features or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Further, one skilled in the art can engage and combine the different embodiments or examples described in this specification.
The foregoing is a further detailed description of the invention in connection with the preferred embodiments, and it is not intended that the invention be limited to the specific embodiments described. It will be apparent to those skilled in the art that several simple deductions or substitutions may be made without departing from the spirit of the invention, and these should be considered to be within the scope of the invention.
Claims (9)
1. The multi-party privacy set operation method based on homomorphic encryption is characterized by comprising the following steps of:
generating initial parameters by using a parameter generating mechanism, and acquiring a public key and a private key according to the parameters;
generating private keys of all the participants according to a Shamir (t, n) threshold secret sharing scheme;
the parameter generating mechanism interacts with all the participants to determine parameters of a bloom filter;
each participant represents a corresponding set element as a bloom filter structure, encrypts the bloom filter structure by using the public key to obtain a ciphertext, and sends the ciphertext to a cloud server;
the designated participant sends a request to the cloud server; the cloud server receives the request, performs the secret-state (ciphertext) calculation and sends the secret-state calculation result to the other participants;
the cloud server interacts with the other participants; the other participants calculate decryption shares and send them to the cloud server; the cloud server performs a power operation on the decryption shares of the other participants and then multiplies the results cumulatively to obtain the intermediate value required for decryption by the designated participant, and sends the intermediate value and the secret-state calculation result to the designated participant;
and the appointed party decrypts the intermediate value and the secret state calculation result to obtain a bloom filter plaintext, and queries the bloom filter plaintext to obtain a set required by the appointed party.
2. The homomorphic encryption-based multiparty privacy set operation method according to claim 1, wherein the process of obtaining public and private keys based on the initial parameters generated by the parameter generation mechanism comprises:
the parameter generating mechanism PG selects a security parameter and generates composite-order bilinear map parameters, wherein q_1 and q_2 are two primes, two cyclic groups of order N are given, N = q_1 q_2, and e is a mapping;
two generators g and u are randomly selected from the cyclic group of order N, and a random generator h of the q_1-order subgroup of the cyclic group of order N is obtained, with the expression:
according to the composite-order bilinear map parameters, the generator g of the cyclic group of order N and the generator h of its q_1-order subgroup, the public key and the private key are obtained; the public key is published and the private key is kept secret.
3. The homomorphic encryption-based multiparty privacy set operation method according to claim 1, wherein the generating the private key of each participant according to Shamir (t, n) threshold secret sharing scheme comprises:
the parameter generating mechanism PG randomly selects parameters a_j from {0, …, N-1} and constructs a polynomial function f(X), with the expression:
wherein n is the total number of participants, j is an index, X^j is the unknown part of one term of the polynomial function, and the constant term of the polynomial function f(X) is a_0 = q_1;
according to the polynomial function, the parameter generating mechanism PG sends each participant P_i the share s_i = f(i), generating the private key sk_i = s_i of each participant P_i, where j = 1, …, n-1, i = 1, …, n, and i denotes the i-th participant.
4. The homomorphic encryption-based multiparty privacy set manipulation method according to claim 1, wherein the parameter generation mechanism interacts with all the participants and the process of determining parameters of bloom filters comprises:
each participant P_i encrypts its parameter using the public key to obtain an encryption result and sends the encryption result to the parameter generating mechanism PG; wherein the encrypted parameter is the upper limit on the size of the privacy set held by participant P_i, i = 1, …, n, and r is a parameter randomly selected from {0, 1, …, N-1};
the parameter generating mechanism PG decrypts the encryption results to obtain the parameters, then selects the false positive rate fpp of the bloom filter and determines the size m of the bloom filter and the number k of hash functions of the bloom filter, whose expressions are respectively as follows:
the parameter generating mechanism PG selects the k hash functions h_l of the bloom filter and determines and publishes the parameters of the bloom filter, wherein the parameters of the bloom filter comprise v_max, fpp, m, k and h_l, l = 1, …, k, where l is the index identifying the k hash functions.
5. The homomorphic encryption-based multiparty privacy set operation method according to claim 1, wherein each party represents its corresponding set elements as a bloom filter structure, encrypts the bloom filter structure using the public key to obtain a ciphertext, and sends the ciphertext to a cloud server, wherein the process comprises:
each participant P_i generates an initial bloom filter BF_i, each position of which is initialized to 0;
obtaining the k hash function values of each element x_{i,j} in the privacy set of each participant P_i, i.e. h_1(x_{i,j}), h_2(x_{i,j}), …, h_k(x_{i,j}); x_{i,j} ∈ X_i, X_i is the privacy set of participant P_i, i = 1, …, n, n is the total number of participants, j = 1, …, v_i, v_i is the size of the privacy set X_i of participant P_i, h_1, h_2, …, h_k are the hash functions and k is the number of hash functions of the bloom filter;
each participant P_i uses the k hash function values of each element x_{i,j} in its privacy set as index values to obtain the bloom filter corresponding to that participant P_i, the value of the bloom filter at position γ being indicated accordingly, γ = 1, …, m, where m is the bloom filter size;
each participant P_i encrypts its corresponding bloom filter using the public key to obtain the encrypted bloom filter, i.e. the ciphertext, with the expression:
wherein the ciphertext element is the ciphertext of the j-th position of the encrypted bloom filter, and r_{i,j} is a parameter randomly selected from the residue class group modulo N;
the participant P_i sends the ciphertext to the cloud server.
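An added Python illustration of claims 4 and 5 (this is not code from the patent): it sizes the bloom filter from the largest reported set-size bound v_max and the chosen false positive rate fpp, builds each party's filter BF_i from k hash values, and then, in plaintext, performs the intersection-with-union that the ciphertext steps of claims 6 to 8 compute on encrypted filters. The sizing formulas are the standard Bloom filter ones (the claims' own expressions are not reproduced on the page), the SHA-256-derived hash family h_1..h_k and the sample contact lists are constructed assumptions.

```python
import hashlib
import math

# Added example for claims 4 and 5; not the patent's code. Assumptions:
# standard Bloom filter sizing formulas (the claims' expressions are not
# reproduced on the page) and a SHA-256-derived hash family h_1..h_k.

def bloom_parameters(v_max, fpp):
    """Size m and hash count k for at most v_max elements at false-positive rate fpp."""
    if v_max <= 0 or not 0.0 < fpp < 1.0:
        raise ValueError("v_max must be positive and 0 < fpp < 1")
    m = math.ceil(-v_max * math.log(fpp) / (math.log(2) ** 2))
    k = max(1, round(m / v_max * math.log(2)))
    return m, k

def hash_positions(element, m, k):
    """h_l(x) for l = 1..k: k indices in [0, m), each from SHA-256(l || x) (assumed family)."""
    positions = []
    for l in range(1, k + 1):
        digest = hashlib.sha256(f"{l}:{element}".encode()).digest()
        positions.append(int.from_bytes(digest[:8], "big") % m)
    return positions

def build_bloom_filter(elements, m, k):
    """BF_i: every position starts at 0; each element sets its k hashed positions to 1."""
    bf = [0] * m
    for x in elements:
        for pos in hash_positions(x, m, k):
            bf[pos] = 1
    return bf

def query(bf, element, k):
    """Membership test: True when all k positions are set (a false positive is possible)."""
    return all(bf[pos] == 1 for pos in hash_positions(element, len(bf), k))

def intersection_with_union(bf_designated, other_filters, candidates, k):
    """Plaintext analogue of claim 6: OR the other parties' filters (their union),
    AND with the designated party's filter, then query the designated party's
    own elements against the result (the final query of claim 8)."""
    m = len(bf_designated)
    union = [int(any(bf[j] for bf in other_filters)) for j in range(m)]
    result = [a & b for a, b in zip(bf_designated, union)]
    return [x for x in candidates if query(result, x, k)]

def demo():
    # Constructed sample: three parties with small contact lists.
    parties = {
        "P1": ["alice", "bob", "carol"],
        "P2": ["bob", "dave"],
        "P3": ["carol", "erin", "bob"],
    }
    v_max = max(len(s) for s in parties.values())  # the bound PG learns in claim 4
    m, k = bloom_parameters(v_max, fpp=0.01)
    filters = {p: build_bloom_filter(s, m, k) for p, s in parties.items()}
    others = [filters["P2"], filters["P3"]]
    x_res = intersection_with_union(filters["P1"], others, parties["P1"], k)
    return m, k, filters, x_res

if __name__ == "__main__":
    m, k, filters, x_res = demo()
    print(f"m={m}, k={k}, X_res for P1 = {x_res}")
```

The result X_res can only ever contain elements of P_1's own set, because P_1 queries its own elements against the combined filter; what the filter leaks about the other parties is bounded by the false positive rate fpp that PG fixes in claim 4, which is why fpp, m and k are protocol parameters rather than per-party choices.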
6. The homomorphic encryption-based multiparty privacy set operation method according to claim 1, wherein the process of the designated participant sending a request to the cloud server, the cloud server receiving the request, performing the secret-state calculation and sending the secret-state calculation result to the other participants comprises:
the cloud server selects the ciphertexts corresponding to the other participants P_i and uses the additive homomorphism of the encryption algorithm to obtain the ciphertext of the bloom filter corresponding to X'_res:
wherein C'_j is the ciphertext of the j-th position of the encrypted bloom filter corresponding to X'_res, r'_{i,j} is randomly selected from the residue class group modulo N, j = 1, …, m;
the cloud server homomorphically multiplies the ciphertext of the designated participant P_1 with the ciphertext of the bloom filter corresponding to X'_res to obtain the ciphertext of the bloom filter corresponding to X_res, with the expression:
wherein C_j is the ciphertext of the j-th position of the encrypted bloom filter corresponding to X_res, α q_2 satisfies the corresponding relation, r_j is randomly selected from the residue class group modulo N, j = 1, …, m, and an intermediate reference parameter is used.
7. The homomorphic encryption-based multiparty privacy set operation method according to claim 1, wherein the cloud server interacts with the other participants, the other participants calculate decryption shares and send them to the cloud server, the cloud server performs a power operation on the decryption shares of the other participants and multiplies the results cumulatively to obtain the intermediate value required for decryption by the designated participant, and the process of sending the intermediate value and the secret calculation result to the designated participant comprises:
the other participants P_i each use their corresponding private key sk_i to obtain their decryption share and send it to the cloud server, wherein the expression of the decryption share is:
wherein the obtained quantity represents the decryption share;
the cloud server obtains the intermediate value SC required by the designated participant P_1 to decrypt the ciphertext of the bloom filter corresponding to X_res, expressed as:
SC = (SC_1, SC_2, …, SC_m);
where Δ = n!, i' is an index, and mod denotes the modulo operation;
8. The homomorphic encryption-based multiparty privacy set operation method according to claim 1, wherein the process of the designated participant decrypting the intermediate value and the secret calculation result to obtain the bloom filter plaintext and querying the bloom filter to obtain the set required by the designated participant comprises:
the designated participant P_1 uses its corresponding private key sk_1 to perform a power calculation on each C_j of the ciphertext, with the expression:
wherein the obtained value is the result of raising C_j to the power sk_1;
the designated participant P_1 receives the intermediate value SC and decrypts to obtain the bloom filter plaintext M_j, with the expression:
where j = 1, …, m is the corresponding position in the ciphertext and Δ = n!; if M_j = 1 then …, otherwise …; I = {1, 2, …, n} is the index set of all participants;
the designated participant P_1 queries the bloom filter according to the bloom filter plaintext M_j to obtain the set X_res required by the designated participant.
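An added toy model, in Python, of how claims 3, 6, 7 and 8 fit together; it is not the patent's code and none of its parameters are the patent's. It assumes: an order-N subgroup of Z_p^* in place of the bilinear group, so only the additive homomorphism of claim 6 is shown and the pairing-based multiplication step is omitted; BGN-style encryption C = g^m h^r with h of order q_1, so the secret key is q_1 as the constant term a_0 = q_1 of claim 3 suggests; a decryption share of the form C^{sk_i}; and Shoup-style integer Lagrange coefficients scaled by Δ = n!, which is how the Δ = n! of claims 7 and 8 is read here. The toy values q_1 = 11, q_2 = 13 and p = 859 are constructed.

```python
import random
from fractions import Fraction
from math import factorial

# Added toy model of the threshold decryption in claims 3, 6, 7 and 8; it is
# not the patent's code. Constructed assumptions:
#  * G is the order-N subgroup of Z_p^*, N = q1*q2, p prime with N | p-1. There
#    is no pairing, so only the additive homomorphism of claim 6 is modelled.
#  * Encryption is BGN-style: C = g^m * h^r mod p with h of order q1, so that
#    C^q1 = g^(q1*m) and a small count m is recovered by table lookup.
#  * A decryption share is C^(sk_i); shares are recombined with Shoup-style
#    integer Lagrange coefficients scaled by Δ = n!, which is how Δ = n! in
#    claims 7 and 8 is read here. Toy parameters only.
Q1, Q2 = 11, 13
N = Q1 * Q2          # 143
P = 859              # prime, P - 1 = 6 * N

def element_of_order(order, factors, p, rng):
    """Random element of Z_p^* with exact order `order` (requires order | p-1)."""
    cofactor = (p - 1) // order
    while True:
        g = pow(rng.randrange(2, p), cofactor, p)
        if all(pow(g, order // q, p) != 1 for q in factors):
            return g

def keygen(rng):
    """pk = (g, h): g of order N, h = u^q2 of order q1; sk = q1 (shape of claim 2)."""
    g = element_of_order(N, (Q1, Q2), P, rng)
    u = element_of_order(N, (Q1, Q2), P, rng)
    return (g, pow(u, Q2, P)), Q1

def encrypt_bit(pk, m, rng):
    """C = g^m * h^r with r drawn from Z_N (claim 5)."""
    g, h = pk
    r = rng.randrange(N)
    return pow(g, m, P) * pow(h, r, P) % P

def add_ciphertexts(cs):
    """Additive homomorphism used in claim 6: the product encrypts the sum of bits."""
    out = 1
    for c in cs:
        out = out * c % P
    return out

def share_secret(secret, t, n, rng):
    """Shamir (t, n) sharing over Z_N with f(0) = q1; sk_i = f(i) (claim 3)."""
    coeffs = [secret] + [rng.randrange(N) for _ in range(t - 1)]
    return {i: sum(c * i ** e for e, c in enumerate(coeffs)) % N for i in range(1, n + 1)}

def lagrange_int(i, subset, n):
    """λ_i = Δ * Π_{j in subset, j != i} j / (j - i) with Δ = n!; always an integer,
    so recombination never needs an inverse modulo the composite N."""
    lam = Fraction(factorial(n))
    for j in subset:
        if j != i:
            lam *= Fraction(j, j - i)
    assert lam.denominator == 1
    return int(lam)

def decryption_share(c, sk_i):
    """Party i's decryption share C^(sk_i) (claims 7 and 8)."""
    return pow(c, sk_i, P)

def combine(shares, members, subset, n):
    """Π_{i in members} share_i^(λ_i); exponents reduce mod N because G has order N."""
    out = 1
    for i in members:
        out = out * pow(shares[i], lagrange_int(i, subset, n) % N, P) % P
    return out

def decode_count(pk, value, n):
    """Return m with value == g^(Δ*q1*m); m = 0 iff value == 1 (needs q2 > n)."""
    g, _ = pk
    for m in range(n + 1):
        if value == pow(g, factorial(n) * Q1 * m % N, P):
            return m
    raise ValueError("undecodable value")

def run(bits_by_party, t, seed=7):
    """bits_by_party[i] is party i+1's Bloom filter bit at one position.
    Returns the decrypted count of set bits at that position across parties."""
    rng = random.Random(seed)
    n = len(bits_by_party)
    pk, sk = keygen(rng)
    sk_shares = share_secret(sk, t, n, rng)
    c = add_ciphertexts(encrypt_bit(pk, b, rng) for b in bits_by_party)
    subset = list(range(1, t + 1))             # P_1 is the designated party
    dec = {i: decryption_share(c, sk_shares[i]) for i in subset}
    sc = combine(dec, subset[1:], subset, n)   # cloud: other parties' terms (claim 7)
    own = combine(dec, subset[:1], subset, n)  # designated party's own term (claim 8)
    return decode_count(pk, sc * own % P, n)

if __name__ == "__main__":
    print(run([1, 0, 1, 1], t=3))  # three of four parties have this bit set
```

The point of Δ = n! is that the Lagrange coefficients become integers, so the parties never divide by (j - i) modulo the composite N, where a divisor sharing a factor with N would have no inverse; the price is that the combined value equals C^{Δ q_1} rather than C^{q_1}, which is why the decoding table in decode_count uses the exponent Δ q_1 m and why the toy needs q_2 larger than n so that distinct counts stay distinguishable. The cloud server only ever sees ciphertexts and decryption shares; the plaintext count appears only once the designated party folds in its own share.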
9. A homomorphic encryption-based multiparty privacy set computing system, comprising:
the first parameter generation module is used for generating initial parameters by using a parameter generation mechanism, and acquiring a public key and a private key according to the parameters;
the parameter generation module II is used for generating private keys of all the participants according to a Shamir (t, n) threshold secret sharing scheme;
the parameter determining module of the bloom filter is used for enabling the parameter generating mechanism to interact with all the participants to determine parameters of the bloom filter;
the interaction module I is used for each participant to represent the corresponding set element as a bloom filter structure, encrypt the bloom filter structure by using the public key, acquire ciphertext and send the ciphertext to a cloud server;
the interaction module II is used for the designated participant to send a request to the cloud server; the cloud server receives the request, performs the secret-state calculation and sends the secret-state calculation result to the other participants;
the interaction module III is used for the cloud server to interact with the other participants; the other participants calculate decryption shares and send them to the cloud server, and the cloud server performs a power operation on the decryption shares of the other participants and then multiplies the results cumulatively to obtain the intermediate value required for decryption by the designated participant, and sends the intermediate value and the secret-state calculation result to the designated participant;
and the result acquisition module is used for decrypting the intermediate value and the secret state calculation result by the appointed party to obtain a bloom filter plaintext, and inquiring by using the bloom filter to obtain a set required by the appointed party.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310333682.7A CN116401686A (en) | 2023-03-30 | 2023-03-30 | Homomorphic encryption-based multiparty privacy set operation method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116401686A true CN116401686A (en) | 2023-07-07 |
Family
ID=87006855
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310333682.7A Pending CN116401686A (en) | 2023-03-30 | 2023-03-30 | Homomorphic encryption-based multiparty privacy set operation method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116401686A (en) |
Timeline: 2023-03-30, CN application CN202310333682.7A, publication CN116401686A (en), status: active, Pending
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117034370A (en) * | 2023-10-09 | 2023-11-10 | 腾讯科技(深圳)有限公司 | Data processing method based on block chain network and related equipment |
CN117034370B (en) * | 2023-10-09 | 2024-01-26 | 腾讯科技(深圳)有限公司 | Data processing method based on block chain network and related equipment |
CN117454432A (en) * | 2023-12-20 | 2024-01-26 | 暨南大学 | Privacy protection association rule mining method in distributed environment |
CN117454432B (en) * | 2023-12-20 | 2024-04-09 | 暨南大学 | Privacy protection association rule mining method in distributed environment |
Similar Documents
Publication | Title |
---|---|
Zhang et al. | DeepPAR and DeepDPA: privacy preserving and asynchronous deep learning for industrial IoT |
Zhou et al. | Quantum cryptography for the future internet and the security analysis |
Liu et al. | Efficient and privacy-preserving outsourced calculation of rational numbers |
Liu et al. | An efficient privacy-preserving outsourced calculation toolkit with multiple keys |
CN107196926B (en) | Cloud outsourcing privacy set comparison method and device |
CN107294697B (en) | Symmetrical full homomorphic cryptography method based on plaintext similar matrix |
CN116401686A (en) | Homomorphic encryption-based multiparty privacy set operation method and system |
WO2019080281A1 (en) | Health record access control system and method in electronic medical cloud |
WO2018136811A1 (en) | Secure web browsing via homomorphic encryption |
CN109214201A (en) | A kind of data sharing method, terminal device and computer readable storage medium |
KR20160114624A (en) | Systems and methods for faster public key encryption using the associated private key portion |
Goswani et al. | Enhancing security in cloud computing using public key cryptography with matrices |
Li et al. | ABKS-SKGA: Attribute-based keyword search secure against keyword guessing attack |
Lin et al. | A blockchain-based fine-grained data sharing scheme for e-healthcare system |
KR20120028432A (en) | Calculating apparatus and method for elliptic curve cryptography |
Vigila et al. | Nonce Based Elliptic Curve Cryptosystem for Text and Image Applications. |
CN110474764B (en) | Ciphertext data set intersection calculation method, device, system, client, server and medium |
Wang et al. | Privacy preserving computations over healthcare data |
Sandhia et al. | Secure sharing of data in cloud using MA-CPABE with elliptic curve cryptography |
Huang et al. | A more efficient public-key authenticated encryption scheme with keyword search |
Bai et al. | NttpFL: Privacy-preserving oriented no trusted third party federated learning system based on blockchain |
Hong et al. | A key-insulated CP-ABE with key exposure accountability for secure data sharing in the cloud |
He et al. | A lightweight secure conjunctive keyword search scheme in hybrid cloud |
CN111159727B (en) | Multi-party cooperation oriented Bayes classifier safety generation system and method |
WO2023185360A1 (en) | Data processing method, apparatus, system and device, and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination ||