CN116471051B - Secure multiparty data ordering method based on oblivious transfer protocol - Google Patents


Info

Publication number
CN116471051B
Authority
CN
China
Prior art keywords
polynomial
ordering
algorithm
encryption
cloud server
Prior art date
Legal status (as listed; not a legal conclusion)
Active
Application number
CN202310283158.3A
Other languages
Chinese (zh)
Other versions
CN116471051A (en)
Inventor
李雄
商帅
王保锦
易珂来
汪小芬
杨浩淼
张小松
Current Assignee
University of Electronic Science and Technology of China
Original Assignee
University of Electronic Science and Technology of China
Priority date
Filing date
Publication date
Application filed by University of Electronic Science and Technology of China
Priority to CN202310283158.3A
Publication of CN116471051A
Application granted
Publication of CN116471051B
Legal status: Active


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3026 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to polynomials generation, e.g. generation of irreducible polynomials
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/46 Secure multiparty computation, e.g. millionaire problem
    • H04L2209/50 Oblivious transfer
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Algebra (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a secure multiparty data ordering method based on an oblivious transfer protocol. First, each participant generates system parameters in an offline stage; second, each participant executes privacy-preserving multiparty ordering to generate an ordering request; then the cloud server receives the ordering requests from all participants and executes the aggregation of the encrypted polynomials; finally, each participant receives the ciphertext from the cloud server and recovers the ordering result corresponding to its own private data set. The coding algorithm of the invention encodes a data set into a polynomial, so that different data sets can be ordered together. On the basis of this encoding method, a privacy-preserving multiparty multi-data ordering scheme is provided. Each participant obtains the ordering result of its data in a privacy-preserving manner: the data of each participant and the corresponding ordering result cannot be obtained by the other participants, and efficient communication and computation are achieved.

Description

Secure multiparty data ordering method based on oblivious transfer protocol
Technical Field
The invention relates to the field of computer science and technology, in particular to a secure multiparty data ordering method based on an oblivious transfer protocol.
Background
With the rapid development of big data, the volume of data held by individuals is also increasing. Hundreds of millions of data items provide significant support for big-data-based business applications, but also raise a number of data security concerns. To protect the security and privacy of data, secure multiparty computation (SMC) is widely used. In secure multiparty computation, parties holding private data $x_1, x_2, \ldots, x_n$ respectively jointly compute a function $f(x_1, x_2, \ldots, x_n)$; after the computation, each participant learns nothing about the other private inputs $x_1, x_2, \ldots, x_n$ beyond the output $f(x_1, x_2, \ldots, x_n)$. Secure multiparty computation is an interactive protocol for computing certain functions between parties. Depending on the number of parties, it can be divided into two-party computation and multiparty computation. Typical applications include private set intersection, private information retrieval, secret sharing, and secure multiparty data ordering. Among them, secure multiparty data ordering is one of the most important functional requirements in secure multiparty computation. For a data sequence A, sorting refers to arranging all data in A from small to large, thereby determining the position of every data item x of A in the whole sequence. Sorting algorithms for public data are very mature; however, sorting private data is still under development, and related work and studies are relatively few.
In 1983, Ajtai et al. [16] proposed an asymptotically optimal sorting network, called the AKS sorting network, which supports sorting multiple data with a comparison complexity of $O(m \log m)$, where m is the number of inputs. However, this algorithm is not practical because of its large constant factor. Like sorting networks, data-oblivious sorting is also applied effectively in SMC protocols; randomized Shellsort returns the correct output with high probability, but it requires $O(m)$ rounds of interaction and $O(m \log m)$ comparisons, which significantly increase the communication and computational overhead. In 2020, Li et al. [18] designed a secure multiparty multi-data ordering scheme. In their protocol, every participant must construct an $n \times m$ ciphertext matrix, where n is the size of the data field and m is the number of participants. The $O(n \cdot m)$ communication overhead of the protocol is quite burdensome for the participants.
In addition to theoretical studies, researchers have also evaluated the performance of SMC sorting experimentally. Wang et al. [1] report experimental results for some existing sorting algorithms, implemented on the Fairplay SMC system [2]. The running times of Batcher's merge sort [3] and randomized Shellsort [4] on 256 input values are about 3000 and 6200 seconds, respectively. Jónsson et al. [5] studied a general technique for hiding the number of input values of a sorting protocol. Their implementation is optimized with a technique called vectorization and sorts 16384 secret-shared values with a vectorized Batcher merge sort in 210 seconds. Apart from their inefficiency, another problem with these schemes is weak security: only the identity of the data owner is hidden, while the privacy of the data itself is not protected.
Integrating the above analysis, it is necessary to design an efficient, privacy-preserving multiparty multi-data ordering scheme.
Disclosure of Invention
The invention aims to provide a secure multiparty data ordering method based on an oblivious transfer protocol. An efficient privacy-preserving multiparty multi-data ordering scheme is designed on the basis of a polynomial-based coding algorithm and a modified k-out-of-n oblivious transfer protocol.
In order to achieve the above purpose, the invention is implemented according to the following technical scheme:
The invention comprises the following steps:
S1: Initialization: each participant generates system parameters in an offline stage;
S2: Ordering request generation: each participant performs privacy-preserving multiparty ordering to generate an ordering request;
S3: Encrypted polynomial aggregation: the cloud server receives the ordering requests from all participants and executes the aggregation of the encrypted polynomials;
S4: Ordering result recovery: each participant receives the ciphertext from the cloud server and recovers the ordering result corresponding to its private data set.
The beneficial effects of the invention are as follows:
Compared with the prior art, the secure multiparty data ordering method based on an oblivious transfer protocol designs a polynomial-based coding method. This encoding algorithm encodes a data set into a polynomial: the exponent of each term of the polynomial represents the data value itself, and the coefficient of the term represents the number of occurrences of that value. Consequently, several data sets can be ordered jointly by adding the corresponding polynomials.
On the basis of the designed polynomial-based encoding method, a privacy-preserving multiparty multi-data ordering scheme is provided. Each participant obtains the ordering result of its data in a privacy-preserving manner, that is, the data of each participant and the corresponding ordering result cannot be obtained by other entities, and at the same time malicious behaviour of a user can be detected.
The data of each party and the corresponding ordering result cannot be obtained by the other parties. Furthermore, malicious behaviour of any participant can be detected. The scheme achieves efficient communication and computation. In terms of communication, each participant sends only one triplet of information to the cloud server, which costs very little transmission bandwidth. In terms of computation, each participant performs only lightweight operations, such as polynomial construction and exclusive-or operations.
Drawings
FIG. 1 is a system model diagram of the present invention;
FIG. 2 is a polynomial encryption algorithm of the present invention;
FIG. 3 is an example of a decryption polynomial generation algorithm of the present invention;
FIG. 4 is a graph of experimental data for the present invention.
Detailed Description
The invention will be further described with reference to the accompanying drawings and specific embodiments, wherein the exemplary embodiments and descriptions of the invention are for purposes of illustration, but are not intended to be limiting.
As shown in FIGS. 1-3, the polynomial-based coding algorithm comprises four sub-algorithms: 1) a basic coding algorithm; 2) a polynomial encryption algorithm; 3) a ranking polynomial generation algorithm; and 4) a decryption polynomial generation algorithm.
Basic coding algorithm:
The basic coding algorithm takes a data set D of size k as input and outputs an n-th order polynomial p. The purpose of this algorithm is to map the k data items in the data set D into an n-th order polynomial p, where n is the upper limit of the value range of the data in D. The details of the algorithm are as follows:
Input: a data set D, a radix R, and the data field [1, n].
Output: a polynomial p (in practice, the evaluated value of the polynomial).
(1) From the data set D, a bit vector V of length n is generated as follows:
where $i \in [1, n]$.
(2) With R as the radix of the polynomial, V[i] is taken as the coefficient of the i-th order term, i.e. the i-th order term of the polynomial is $V[i] \cdot R^i$. Finally, the polynomial $p = \sum_{i=1}^{n} V[i] \cdot R^i$ is obtained, where V is the coefficient vector of p.
It should be noted that the most straightforward way to generate the polynomial is to compute each term first and then sum all terms. However, this direct approach is very inefficient. Therefore, the algorithm uses Horner's rule [1] to accelerate the polynomial generation and improve its computational efficiency. Horner's rule is currently the most efficient algorithm for evaluating a polynomial. According to Horner's rule, the evaluation of an n-th order univariate polynomial is converted into a sequence of n linear expressions. The specific process is as follows:
The polynomial $f(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_1 x + a_0$
can be rewritten as $f(x) = (((\cdots(a_n x + a_{n-1})x + \cdots + a_3)x + a_2)x + a_1)x + a_0$.
Thus the value $f(x_0)$ of the polynomial f(x) at $x_0$ can be obtained by the following sequence:
$r_1 = a_n x_0 + a_{n-1}$,
$r_2 = r_1 x_0 + a_{n-2}$,
$\ldots$
$r_n = r_{n-1} x_0 + a_0$,
and $r_n$ is the value of $f(x_0)$.
The above procedure greatly reduces the computational overhead of evaluating the polynomial.
Polynomial encryption algorithm:
polynomial expressionMay be represented as a triplet (R, n, V), R being the polynomial radix, n being the order of the polynomial and V being the coefficient vector. For a polynomial, R and n are typically public parameters, so encryption of the polynomial can be achieved by encrypting the polynomial p-coefficient vector.
Input: and a polynomial p.
And (3) outputting: output value F of pseudo-random function F k (R) and ciphertext ep= { R, n, EV } of polynomial p.
(1) The polynomial p is expressed as { R, n, V }, i.e. p=V [1]]·R 1 +V[2]·R 2 +[3]R 3 +…+V[n]·R n
(2) Selected as a random function F, generates a random value k E {0,1} n Let k, V and a random value r E {0,1} n For the input of F, F outputs a pseudo-random bit vector bv=f k (r). Then, the coefficient vector of the polynomial p is encrypted by BV to obtain an encrypted coefficient vector EV, namely
(3) Ciphertext ep=ev1 of polynomial p is generated from encryption coefficient vector EV obtained as described above]·R 1 +EV[2]·R 2 +...+EV[n]·R n
Note that the above-described polynomial encryption scheme is based on the construction scheme 3.28 in document [2], and the related proof shows that the scheme can achieve the security level of CPA-security.
Ranking polynomial generation algorithm:
when encoding the data set D into a polynomialThe ranking polynomial generation algorithm may further generate a corresponding ranking polynomial Sp from p. In the order polynomial, item R of the ith order i The coefficient of (2) is the sequencing result of the data i. It should also be noted that, with ciphertext Ep of polynomial p as input, the ranking polynomial algorithm may further generate an encrypted ranking polynomial ESp based on Ep. The specific process of the sort polynomial generation algorithm is as follows:
input: polynomial p=v1]·R 1 +V[2]·R 2 +V[3]R 3 +…+V[n]·R n Or an encryption polynomial Ep.
And (3) outputting: the ranking polynomial Sp or the encrypted ranking polynomial ESp.
(1) Based on { R, n, V }, the coefficient vector sr of the ranking polynomial Sp may be generated according to the following algorithm:
(2) Generating a sorting polynomial Sp corresponding to the polynomial p according to the following algorithm:
similarly, from { R, n, V } and the encryption polynomial Ep, a corresponding encryption ranking polynomial ESp may be generated according to the following algorithm:
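As an added illustration (not code from the patent or its authors), the following Python ties together the basic coding algorithm, Horner evaluation, the addition of several participants' polynomials that the encoding makes possible, the ranking polynomial coefficients, and the PRF-based masking of the coefficient vector from the polynomial encryption algorithm. HMAC-SHA256 as the PRF F, the rank rule sr[i] = 1 + (number of encoded values smaller than i), and the three sample data sets are this example's assumptions; the decryption polynomial and the OT/SHE protocol steps are not modelled.

```python
"""Added illustration, not code from the patent: polynomial encoding of a
data set, Horner evaluation, aggregation of several parties' polynomials,
rank computation, and PRF-based masking of the coefficient vector."""
import hashlib
import hmac
import os


def encode(dataset, n):
    """Basic coding algorithm: map a data set D with values in [1, n] to a
    bit vector V of length n, V[i] = 1 if value i is present in D.
    Python index j holds V[j + 1] (there is no R^0 term)."""
    V = [0] * n
    for d in dataset:
        if not 1 <= d <= n:
            raise ValueError(f"value {d} is outside the data field [1, {n}]")
        V[d - 1] = 1
    return V


def horner(V, R):
    """Evaluate p = V[1]*R^1 + ... + V[n]*R^n with Horner's rule:
    p = ((...(V[n]*R + V[n-1])*R + ...)*R + V[1])*R."""
    acc = 0
    for coeff in reversed(V):
        acc = acc * R + coeff
    return acc * R


def coefficients(p, R, n):
    """Inverse of horner(): read the base-R digits of p back as the
    coefficient vector. Correct only while every coefficient is < R."""
    p //= R  # drop the R^0 position, which is always zero
    V = []
    for _ in range(n):
        V.append(p % R)
        p //= R
    return V


def aggregate(polys, R, n):
    """Adding the participants' polynomials adds their coefficient vectors,
    so coefficient i becomes the number of occurrences of value i over all
    parties. The choice R > m keeps every sum below R, so no digit carries."""
    if len(polys) >= R:
        raise ValueError("radix R must exceed the number of participants m")
    return coefficients(sum(polys), R, n)


def rank_vector(V):
    """Ranking polynomial coefficients (assumed rule, consistent with
    sr[1] = 1 in the claims): sr[i] = 1 + number of encoded values below i,
    so equal values share the same rank."""
    sr, below = [], 0
    for count in V:
        sr.append(1 + below)
        below += count
    return sr


def ordering_result(dataset, sr):
    """Recovery step: the rank of each of a party's own values d is the
    coefficient sr[d] of the ranking polynomial."""
    return [sr[d - 1] for d in dataset]


def prf_bits(key, r, n):
    """Pseudo-random bit vector BV = F_k(r). The patent only names a generic
    PRF F; HMAC-SHA256 in counter mode is this example's choice."""
    bits, counter = [], 0
    while len(bits) < n:
        block = hmac.new(key, r + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        bits.extend((byte >> i) & 1 for byte in block for i in range(8))
        counter += 1
    return bits[:n]


def encrypt_coefficients(V, key, r):
    """Polynomial encryption: EV = V xor BV, giving Ep = {R, n, EV}.
    The same call decrypts, since xor with BV is its own inverse."""
    return [v ^ b for v, b in zip(V, prf_bits(key, r, len(V)))]


def demo():
    """Constructed sample: three parties, data field [1, 6], radix R = 4 > m."""
    n, R = 6, 4
    parties = [[2, 5], [2, 3], [5, 6]]
    polys = [horner(encode(D, n), R) for D in parties]  # each party's p_i
    counts = aggregate(polys, R, n)                      # [0, 2, 1, 0, 2, 1]
    sr = rank_vector(counts)                             # [1, 1, 3, 4, 4, 6]
    ranks = [ordering_result(D, sr) for D in parties]    # [[1, 4], [1, 3], [4, 6]]
    key, r = os.urandom(32), os.urandom(32)
    V1 = encode(parties[0], n)
    EV1 = encrypt_coefficients(V1, key, r)
    recovered = encrypt_coefficients(EV1, key, r) == V1  # masking round-trips
    return counts, sr, ranks, recovered


if __name__ == "__main__":
    print(demo())
```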
decryption polynomial generation algorithm:
With the encrypted polynomial Ep as input, the ranking polynomial generation algorithm above outputs the encrypted ranking polynomial ESp. To decrypt ESp, the decryption polynomial generation algorithm generates a decryption polynomial Dp from the coefficient vector V of the polynomial p and the coefficient vector EV of the encrypted polynomial. The specific process is as follows:
Input: the coefficient vector V of the polynomial p and the coefficient vector EV of the encrypted polynomial.
Output: the decryption polynomial Dp.
(1) From V and EV, an $n \times n$ matrix M is generated according to the following algorithm:
(2) The coefficient vector DV of the decryption polynomial Dp is generated according to the following algorithm:
(3) The decryption polynomial Dp is formed from DV; Dp may also be expressed as {R, n, DV}.
The specific implementation process of the invention is as follows:
(1) Initialization stage: to set up the whole system, each participant generates system parameters in an offline stage according to the following steps:
Step 1: The cloud server S selects a security parameter $\lambda$ and, according to $\lambda$, generates a bilinear map $e: G \times G \to G_T$ and two generators g and h of G. Thereafter, S randomly selects a system key and calculates:
At the same time, a hash function $H: G_T \to \{0,1\}^l$ is selected, and the private key $SK_s = \{p, L\}$ of the SHE homomorphic encryption algorithm is generated. R > m is selected.
Step 2: Participants $U_1, U_2, \ldots, U_m$ respectively select $\gamma[i]$ at random and construct $\Gamma$ from them. Thereafter, all participants cooperate to generate secret shares of $\Gamma$; participant $U_i$ obtains the secret share $r_i$ of $\Gamma$, satisfying:
Step 3: The cloud server S publishes the public system parameters $SP = \{e, g, h, g_1, g_2, \ldots, g_n, h_1, h_2, \ldots, h_n, H, R\}$.
(2) Ordering request generation: the m participants $U_i$ intend to perform privacy-preserving multiparty ordering, and each generates an ordering request by the following algorithm:
Step 1: $U_i$ takes its own private data set $D_i = \{d_{i1}, d_{i2}, \ldots, d_{ik}\}$ as the selection set. Based on $D_i$ and the system parameters SP, $U_i$ selects random numbers and calculates:
Step 2: With $D_i$, R and n as inputs, participant $U_i$ invokes the basic coding algorithm to generate a polynomial $p_i$. Then, with $p_i$ as input, $U_i$ invokes the polynomial encryption algorithm to generate the encrypted polynomial $Ep_i = \{R, n, BV_i\}$.
Step 3: From the coefficient vector $V_i$ of the polynomial $p_i$ and the coefficient vector $EV_i$ of the encrypted polynomial $Ep_i$, $U_i$ invokes the decryption polynomial generation algorithm to obtain the decryption polynomial $Dp_i$. Then $U_i$ encrypts $Dp_i$ with the SHE homomorphic encryption algorithm to obtain the ciphertext $E(Dp_i)$ and, to protect privacy, adds the blinding value $r_i$ using the homomorphic property of SHE to obtain $E(Dp_i^*) = E(Dp_i + r_i)$.
Step 4: $U_i$ sends the generated ordering request to the cloud server S.
(3) Encrypted polynomial aggregation: on receiving the ordering requests $T = \{T_1, T_2, \ldots, T_m\}$ from the m participants, the cloud server S performs the aggregation of the encrypted polynomials by the following steps:
Step 1: Based on T and the system parameters SP, S runs the verification algorithm of the oblivious transfer (OT) protocol to check whether the verification equation holds. If it holds, the verification passes; otherwise, the verification fails and the protocol is terminated.
Step 2: S aggregates the encrypted polynomials $Ep_i$ and the SHE ciphertexts $E(Dp_i^*)$, i.e. computes Ep and $E(Dp^*)$. Then, with Ep as input, S invokes the ranking polynomial generation algorithm to generate the corresponding encrypted ranking polynomial ESp.
Step 3: S uses the SHE private key $SK_s = \{p, L\}$ to decrypt $E(Dp^*)$, i.e. $E(Dp + \Gamma)$, obtaining the decryption polynomial $Dp^* = Dp + \Gamma$. Thereafter, S deconstructs $Dp^*$ into $\{R, n, DV^*\}$:
$Dp^* = DV^*[1] \cdot R^1 + DV^*[2] \cdot R^2 + \cdots + DV^*[n] \cdot R^n$.
Step 4: S selects random numbers and calculates the ciphertexts $C_{i0}$ according to the following algorithm:
Step 5: S sends $C_i = \{C_{i0}, C_{ij}, ESp\}$ to each $U_i$.
(4) Ordering result recovery: on receiving $C_i = \{C_{i0}, C_{ij}, ESp\}$ from the cloud server S, $U_i$ recovers the data, i.e. the ordering result $SR_i$ corresponding to $D_i$. The specific process is as follows:
Step 1: $U_i$ reconstructs $ESp = sr^*[1] \cdot R^1 + sr^*[2] \cdot R^2 + \cdots + sr^*[n] \cdot R^n$.
Step 2: Based on the ciphertexts $C_{i0}$, $C_{ij}$, the selection set $D_i$, the key $s_i$ and SP, $U_i$ computes the blinded decryption vector $DV^*$ according to the following procedure:
where $d_{it} \in D_i$, $1 \le t \le k$.
Step 3: Finally, $U_i$ reconstructs the ordering result $SR_i$ as:
$sr_{ij} = sr[d_{ij}] = sr^*[d_{ij}] + DV^*[d_{ij}] - \gamma[d_{ij}]$,
where $1 \le i \le m$ and $1 \le j \le k$.
Based on the proposed polynomial-based encoding method, the present invention provides an efficient privacy-preserving multiparty multi-data ordering method that allows multiple parties to order the data they own in a privacy-preserving manner. The security analysis shows that the scheme is privacy preserving, i.e. a data set and its corresponding ordering result cannot be revealed to any party other than the owner of the data set. In addition, extensive experiments were performed to evaluate and compare the performance of this protocol with related work. The results indicate that the efficient privacy-preserving multiparty data ordering scheme presented here has efficient communication and computational performance. The experimental results of the present invention are shown in FIG. 4, which gives the communication and computational overhead of the scheme.
The technical scheme of the invention is not limited to the specific embodiment, and all technical modifications made according to the technical scheme of the invention fall within the protection scope of the invention.
References:
[1] Wang G, Luo T, Goodrich M T, et al. Bureaucratic protocols for secure two-party sorting, selection, and permuting[C]//Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security. 2010: 226-237.
[2] Malkhi D, Nisan N, Pinkas B, et al. Fairplay - Secure Two-Party Computation System[C]//USENIX Security Symposium. 2004, 4: 9.
[3] Batcher K E. Sorting networks and their applications[C]//Proceedings of the April 30-May 2, 1968, Spring Joint Computer Conference. 1968: 307-314.
[4] Batcher K E. Sorting networks and their applications[C]//Proceedings of the April 30-May 2, 1968, Spring Joint Computer Conference. 1968: 307-314.
[5] Jónsson K V, Kreitz G, Uddin M. Secure multi-party sorting and applications[J]. Cryptology ePrint Archive, 2011.

Claims (2)

1. A secure multiparty data ordering method based on an oblivious transfer protocol, comprising the steps of:
S1: Initialization: each participant generates public system parameters SP in an offline stage;
S2: Ordering request generation: each participant executes the ordering request generation of the privacy-preserving multiparty ordering;
S1.1: The cloud server S selects a security parameter $\lambda$ and, according to $\lambda$, generates a bilinear map $e: G \times G \to G_T$ and two generators g and h of G; thereafter, the cloud server S randomly selects a system key and calculates the corresponding values; at the same time, a hash function $H: G_T \to \{0,1\}^l$ is selected, the private key $SK_s = \{P, L\}$ of the SHE homomorphic encryption algorithm is generated, and R > m is selected;
S1.2: Participants $U_1, U_2, \ldots, U_m$ respectively select $\gamma[i]$ at random and construct $\Gamma$ from them; thereafter, all participants cooperate to generate secret shares of $\Gamma$, and participant $U_i$ obtains the secret share $r_i$ of $\Gamma$; m represents the number of participants and $U_i$ the i-th participant;
S1.3: The cloud server S publishes the public system parameters $SP = \{e, g, h, g_1, g_2, \ldots, g_n, h_1, h_2, \ldots, h_n, H, R\}$;
S2.1: $U_i$ takes its own private data set $D_i = \{d_{i1}, d_{i2}, \ldots, d_{ik}\}$ as the selection set; based on $D_i$ and the public system parameters SP, $U_i$ selects random numbers and calculates:
S2.2: With the selection set $D_i$, the radix R and the positive integer n as inputs, participant $U_i$ invokes the basic coding algorithm to generate an n-th order polynomial $p_i$; then, with $p_i$ as input, $U_i$ invokes the polynomial encryption algorithm to generate the encrypted polynomial $Ep_i = \{R, n, BV_i\}$;
S2.3: From the coefficient vector $V_i$ of the n-th order polynomial $p_i$ and the coefficient vector $EV_i$ of the encrypted polynomial $Ep_i$, $U_i$ invokes the decryption polynomial generation algorithm to obtain the decryption polynomial $Dp_i$; then $U_i$ encrypts $Dp_i$ with the SHE homomorphic encryption algorithm to obtain the ciphertext $E(Dp_i)$ and, to protect privacy, adds the blinding value $r_i$ using the homomorphic property of SHE to obtain $E(Dp_i^*) = E(Dp_i + r_i)$;
S2.4: $U_i$ sends the generated ordering request to the cloud server S;
s3: encryption polynomial aggregation: the cloud server S receives ordering requests from all the participants and executes aggregation of encryption polynomials;
when an ordering request t= { T from m participants is received 1 ,T 2 ,…,T m The cloud server S performs aggregation of the encryption polynomials by performing the steps of:
s3.1: based on T, system parameters SP, cloud server S performs verification algorithm check of careless transmission protocolWhether the verification is true or not, if so, the verification is passed; otherwise, the verification fails, and the protocol is terminated;
s3.2: cloud server S aggregate encryption polynomial Ep i And SHE ciphertext E (Dp) * i ) I.e.Andthen, using Ep as input, the cloud server S calls a sorting polynomial generating algorithm to generate a corresponding sorting polynomial ESp;
s3.3: cloud server S uses SHE' S private key SK s = { P, L } decrypt E (Dp * ) I.e., E (Dp+Γ), to obtain the decryption polynomial Dp * =dp+Γ; then, the cloud server S deconstructs Dp * Is { R, n, DV * }:
Dp * =DV * [1]·R 1 +DV * [2]·R 2 +…+DV * [n]·R n
S3.4: cloud server S selects random numbersAnd is as followsAlgorithm calculation ciphertext C 0i
S3.5: cloud server S sends C respectively i ={C i0 ,C ij ,ES p U is given to i
S4: and (5) recovering the sequencing result: the participant receives the ciphertext from the cloud server S and restores the sequencing result corresponding to the private data set of the participant;
The decryption polynomial generation algorithm is as follows: with the encrypted polynomial Ep as input, the ranking polynomial generation algorithm outputs the encrypted ranking polynomial ESp; to decrypt ESp, the decryption polynomial generation algorithm generates a decryption polynomial Dp from the coefficient vector V of the polynomial p and the coefficient vector EV of the encrypted polynomial, as follows:
Input: the coefficient vector V of the polynomial p and the coefficient vector EV of the encrypted polynomial;
Output: the decryption polynomial Dp;
From V and EV, an $n \times n$ matrix M is generated according to the following algorithm:
The coefficient vector DV of the decryption polynomial Dp is generated according to the following algorithm:
The decryption polynomial Dp is formed from DV; Dp can also be expressed as {R, n, DV};
The ranking polynomial generation algorithm is as follows: once the data set D has been encoded into a polynomial p, the ranking polynomial generation algorithm generates the corresponding ranking polynomial Sp from p, in which the coefficient of the i-th order term $R^i$ is the ordering result of the data value i; likewise, with the ciphertext Ep of the polynomial p as input, the ranking polynomial algorithm generates an encrypted ranking polynomial ESp from Ep; the specific process of the ranking polynomial generation algorithm is as follows:
Input: the polynomial $p = V[1] \cdot R^1 + V[2] \cdot R^2 + V[3] \cdot R^3 + \cdots + V[n] \cdot R^n$, or the encrypted polynomial Ep;
Output: the ranking polynomial Sp or the encrypted ranking polynomial ESp;
From {R, n, V}, the coefficient vector sr of the ranking polynomial Sp is generated according to the following algorithm:
The ranking polynomial Sp corresponding to p is generated according to the following algorithm:
From {R, n, V} and the encrypted polynomial Ep, the corresponding encrypted ranking polynomial ESp is generated according to the following algorithm:
where $sr^*[1] = 1$;
The basic coding algorithm is as follows: taking a data set D of size k as input and a polynomial p as output, its purpose is to map the k data in D into the polynomial p, where n is the upper limit of the value range of the data in D. The specific algorithm is as follows:
Input: the data set D, the radix R, and the data field [1, n];
Output: the polynomial p;
From the data set D, a bit vector V of length n is generated as follows:
wherein $i \in [1, n]$;
R is the radix of the polynomial and V[i] is the coefficient of the i-th order term, i.e. the i-th order term of the polynomial is $V[i]\cdot R^i$; finally the polynomial p is obtained, where V is the coefficient vector of p.
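The basic coding algorithm above and the ordering polynomial described earlier, written out as an added Python example (this is not the patent's own code). The page does not give the rule that produces sr, so the example assumes that the ordering result of data i is its 1-based rank among the values actually present in D (the prefix count of the bit vector), with absent values keeping coefficient 0; the data set, radix and data field below are constructed sample values.

```python
# Added example (not the patent's own code): the basic coding algorithm and the
# ordering polynomial as a small Python script. Assumption (not stated on the
# page): the ordering result of data i is its 1-based rank among the values
# present in D, i.e. the count of present values <= i, and absent values get 0.
from typing import Dict, List, Sequence, Tuple

Polynomial = Tuple[int, int, List[int]]  # (R, n, V) with V 1-indexed (V[0] unused)


def encode_dataset(D: Sequence[int], R: int, n: int) -> Polynomial:
    """Basic coding algorithm: map a data set D with values in [1, n] to the
    polynomial p = V[1]*R^1 + ... + V[n]*R^n, returned as the triple (R, n, V)."""
    V = [0] * (n + 1)
    for d in D:
        if not 1 <= d <= n:
            raise ValueError(f"data value {d} lies outside the data field [1, {n}]")
        V[d] = 1  # bit i is set iff value i occurs in D
    return (R, n, V)


def ordering_vector(p: Polynomial) -> List[int]:
    """Assumed ordering polynomial coefficients sr: sr[i] is the rank of value i
    among the present values (prefix count of the bit vector), 0 if i is absent."""
    _, n, V = p
    sr = [0] * (n + 1)
    rank = 0
    for i in range(1, n + 1):
        if V[i]:
            rank += 1
            sr[i] = rank
    return sr


def polynomial_value(R: int, n: int, coeffs: Sequence[int]) -> int:
    """Evaluate sum_{i=1..n} coeffs[i] * R^i as an integer. The radix R must
    exceed every coefficient so that terms do not carry into each other:
    for V this means R >= 2, for sr it means R > k (the size of D)."""
    if any(c >= R for c in coeffs[1:]):
        raise ValueError("radix R must be larger than every coefficient")
    return sum(coeffs[i] * R ** i for i in range(1, n + 1))


def ranks_of(D: Sequence[int], sr: Sequence[int]) -> Dict[int, int]:
    """Read each element's ordering result off the ordering vector sr."""
    return {d: sr[d] for d in D}


if __name__ == "__main__":
    # Constructed sample input: k = 3 values from the data field [1, 8], radix 10.
    p = encode_dataset([3, 7, 2], R=10, n=8)
    sr = ordering_vector(p)
    print("V  =", p[2][1:], "p  =", polynomial_value(*p))
    print("sr =", sr[1:], "Sp =", polynomial_value(p[0], p[1], sr))
    print("ranks:", ranks_of([3, 7, 2], sr))
```

With radix 10 the integer value of p reads directly as the bit vector (10001100 for D = {3, 7, 2}), and the ordering polynomial Sp reads as the rank vector (30002100); the radix check in `polynomial_value` is the practical caveat, since a radix no larger than k would let rank coefficients carry into neighbouring terms and corrupt the encoding.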
The evaluation of a univariate polynomial of order n is converted into n linear expressions computed in sequence; the specific process is as follows:
The polynomial $f(x) = a_n x^n + a_{n-1} x^{n-1} + \dots + a_1 x + a_0$ can be rewritten as:
$f(x) = (((\cdots(a_n x + a_{n-1})x + \cdots + a_3)x + a_2)x + a_1)x + a_0$
Thus the value $f(x_0)$ of the polynomial f(x) at $x_0$ can be obtained by the following sequence:
$r_1 = a_n x_0 + a_{n-1}$
$r_2 = r_1 x_0 + a_{n-2}$
$\cdots$
$r_n = r_{n-1} x_0 + a_0$
$r_n$ is then the value of $f(x_0)$.
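The evaluation scheme just described (Horner's rule), as an added Python example that is not part of the patent text. It returns the whole sequence $r_1, \dots, r_n$ rather than only the final value, and adds an optional modulus q because the coefficient arithmetic of such protocols is normally done modulo a public modulus; that modular variant and the sample polynomial are assumptions of the example, not something the page states.

```python
# Added example (not the patent's own code): the polynomial evaluation scheme of
# the page, i.e. Horner's rule, with the intermediate sequence r_1 ... r_n made
# explicit. The modular variant (parameter q) is an assumption of this example.
from typing import List, Optional, Sequence


def horner_sequence(coeffs: Sequence[int], x0: int, q: Optional[int] = None) -> List[int]:
    """coeffs = [a_n, a_{n-1}, ..., a_0]. Returns [r_1, ..., r_n] with
    r_1 = a_n*x0 + a_{n-1} and r_t = r_{t-1}*x0 + a_{n-t}; each step is one
    linear expression. If q is given, every r_t is reduced modulo q."""
    n = len(coeffs) - 1
    if n < 0:
        raise ValueError("a polynomial needs at least one coefficient")
    if n == 0:  # order-0 polynomial: the value is a_0 itself, no linear step needed
        return [coeffs[0] % q if q is not None else coeffs[0]]
    rs: List[int] = []
    r = coeffs[0]
    for t in range(1, n + 1):
        r = r * x0 + coeffs[t]
        if q is not None:
            r %= q
        rs.append(r)
    return rs


def horner_eval(coeffs: Sequence[int], x0: int, q: Optional[int] = None) -> int:
    """f(x0) is the last element r_n of the sequence."""
    return horner_sequence(coeffs, x0, q)[-1]


def naive_eval(coeffs: Sequence[int], x0: int) -> int:
    """Direct evaluation sum a_i * x0^i, used only to cross-check Horner's rule."""
    n = len(coeffs) - 1
    return sum(a * x0 ** (n - i) for i, a in enumerate(coeffs))


if __name__ == "__main__":
    # Constructed sample: f(x) = 2x^3 + 3x^2 + x + 5 evaluated at x0 = 4.
    f = [2, 3, 1, 5]
    print("r_1..r_n:", horner_sequence(f, 4))
    print("f(4) =", horner_eval(f, 4), "cross-check:", naive_eval(f, 4))
    print("f(4) mod 7 =", horner_eval(f, 4, q=7))
```

Each step of the sequence is a single multiply-add on the previous result, which is what makes the scheme attractive when the evaluation has to be carried out over masked or encrypted coefficients: n identical linear operations, no exponentiation.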
The polynomial encryption algorithm is as follows: the polynomial p is expressed as a triple (R, n, V), where R is the radix of the polynomial, n is its order and V is its coefficient vector; R and n are the public parameters of a polynomial, so the polynomial is encrypted by encrypting the coefficient vector of p.
Input: the polynomial p;
Output: the output value $F_k(r)$ of the pseudo-random function F and the ciphertext Ep = {R, n, EV} of the polynomial p;
The polynomial p is expressed as {R, n, V}, i.e. $p = V[1]\cdot R^1 + V[2]\cdot R^2 + V[3]\cdot R^3 + \dots + V[n]\cdot R^n$;
A pseudo-random function F is selected and a random value $k \in \{0,1\}^n$ is generated; with k, V and a random value $r \in \{0,1\}^n$ as the input of F, F outputs a pseudo-random bit vector $BV = F_k(r)$, and the coefficient vector of the polynomial p is then encrypted with BV to obtain the encrypted coefficient vector EV, i.e.:
The ciphertext $Ep = EV[1]\cdot R^1 + EV[2]\cdot R^2 + \dots + EV[n]\cdot R^n$ of the polynomial p is generated from the coefficient vector EV obtained above.
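The polynomial encryption algorithm with one concrete instantiation, as an added Python example (not the patent's own code). The page leaves the pseudo-random function and the masking operation unspecified, so the example assumes $F_k(r)$ is HMAC-SHA256 expanded in counter mode to n bits and that the coefficient vector is masked bitwise, EV[i] = V[i] xor BV[i]; R and n remain public exactly as the page states. The key, nonce and data set are constructed values.

```python
# Added example (not the patent's own code): the polynomial encryption algorithm
# with a concrete instantiation. Assumptions not fixed by the page: the PRF F_k(r)
# is HMAC-SHA256 in counter mode expanded to n bits, and the coefficient vector is
# masked by bitwise XOR, EV[i] = V[i] xor BV[i]. R and n stay public, as the page says.
import hashlib
import hmac
import secrets
from typing import List, Tuple

Polynomial = Tuple[int, int, List[int]]  # (R, n, coefficient vector, 1-indexed)


def prf_bits(k: bytes, r: bytes, n: int) -> List[int]:
    """Assumed F_k(r): expand HMAC-SHA256(k, r || counter) into a 1-indexed list
    of n pseudo-random bits (index 0 is unused so that BV[i] lines up with V[i])."""
    bits: List[int] = [0]
    counter = 0
    while len(bits) < n + 1:
        block = hmac.new(k, r + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        for byte in block:
            for shift in range(8):
                if len(bits) == n + 1:
                    break
                bits.append((byte >> shift) & 1)
        counter += 1
    return bits


def encrypt_polynomial(p: Polynomial, k: bytes, r: bytes) -> Polynomial:
    """Ep = {R, n, EV}: only the coefficient vector is masked, R and n are public."""
    R, n, V = p
    BV = prf_bits(k, r, n)
    EV = [0] + [V[i] ^ BV[i] for i in range(1, n + 1)]
    return (R, n, EV)


def decrypt_polynomial(Ep: Polynomial, k: bytes, r: bytes) -> Polynomial:
    """Whoever holds k and r recomputes BV and strips the mask (XOR is an involution)."""
    return encrypt_polynomial(Ep, k, r)


def fresh_key_and_nonce(n: int) -> Tuple[bytes, bytes]:
    """k, r in {0,1}^n as on the page. r must never be reused under the same k:
    two ciphertexts with the same (k, r) satisfy EV1 xor EV2 = V1 xor V2, which
    reveals which values the two data sets do not have in common."""
    nbytes = (n + 7) // 8
    return secrets.token_bytes(nbytes), secrets.token_bytes(nbytes)


if __name__ == "__main__":
    n = 16
    # Constructed data set {2, 3, 7} over the data field [1, 16], radix 10.
    V = [0] + [1 if i in (2, 3, 7) else 0 for i in range(1, n + 1)]
    p = (10, n, V)
    k, r = fresh_key_and_nonce(n)
    Ep = encrypt_polynomial(p, k, r)
    print("EV:", Ep[2][1:])
    print("round trip ok:", decrypt_polynomial(Ep, k, r) == p)
```

The point worth checking in any implementation of this step is the one in `fresh_key_and_nonce`: the mask is a one-time pad over the bit vector, so its security rests entirely on the pair (k, r) being used for a single polynomial.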
2. The secure multi-party data ordering method based on a careless transmission protocol as recited in claim 1, wherein step S4 specifically includes the following steps:
When $C_i = \{C_{i0}, C_{ij}, ESp\}$ from the cloud server S is received, $U_i$ recovers the ordering result $SR_i$ corresponding to the data set $D_i$; $D_i$ is the private data set of the participant $U_i$, and the specific process is as follows:
S4.1: $U_i$ reconstructs $ESp = sr^*[1]\cdot R^1 + sr^*[2]\cdot R^2 + \dots + sr^*[n]\cdot R^n$;
S4.2: according to the ciphertexts $C_{i0}$, $C_{ij}$, the set $D_i$, the key $s_i$ and Sp, $U_i$ computes the decryption vector $DV^*$ according to the following procedure:
wherein $d_{it} \in D_i$, $1 \le t \le k$;
S4.3: finally, $U_i$ reconstructs the ordering result $sr_{ij}$ by the following procedure:
$sr_{ij} = sr[d_{ij}] = sr^*[d_{ij}] + DV^*[d_{ij}] - \gamma[d_{ij}]$
wherein $1 \le i \le m$ and $1 \le j \le k$.
CN202310283158.3A 2023-03-22 2023-03-22 Secure multiparty data ordering method based on careless transmission protocol Active CN116471051B (en)

Publications (2)

Publication Number Publication Date
CN116471051A CN116471051A (en) 2023-07-21
CN116471051B true CN116471051B (en) 2024-04-02

Family

ID=87183313

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant