CN116628758B - Data processing method, device and system and electronic equipment - Google Patents
Data processing method, device and system and electronic equipment Download PDFInfo
- Publication number
- CN116628758B CN116628758B CN202310906616.4A CN202310906616A CN116628758B CN 116628758 B CN116628758 B CN 116628758B CN 202310906616 A CN202310906616 A CN 202310906616A CN 116628758 B CN116628758 B CN 116628758B
- Authority
- CN
- China
- Prior art keywords
- target
- bit
- elements
- party
- calculation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 22
- 238000004364 calculation method Methods 0.000 claims abstract description 107
- 150000003839 salts Chemical class 0.000 claims abstract description 77
- 238000000034 method Methods 0.000 claims description 29
- 238000012545 processing Methods 0.000 claims description 28
- 238000004590 computer program Methods 0.000 claims description 10
- 230000001502 supplementing effect Effects 0.000 claims description 4
- 230000006870 function Effects 0.000 description 14
- 238000010586 diagram Methods 0.000 description 6
- 238000004422 calculation algorithm Methods 0.000 description 3
- 238000004891 communication Methods 0.000 description 3
- 238000005336 cracking Methods 0.000 description 3
- 238000013480 data collection Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000004321 preservation Methods 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000009795 derivation Methods 0.000 description 1
- 238000002474 experimental method Methods 0.000 description 1
- 238000005429 filling process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Databases & Information Systems (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Medical Informatics (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The application provides a data processing method, a device, a system and electronic equipment, wherein a first participant with a large number of elements adds a random number with a target length to each first element to obtain a first bit-supplementing element; according to the target cycle times, performing secure hash calculation on the plurality of first bit-supplementing elements by using a target salt value to obtain a plurality of first calculated values; and sending a first result set formed by a plurality of first calculated values to a second party with a small number of elements, respectively adding a plurality of candidate random numbers in a preset value range to the second elements by the second party for each second element in the second set to obtain a second bit-supplementing element, performing secure hash computation on the plurality of second bit-supplementing elements by using a target salt value according to target circulation times to obtain a plurality of second calculated values, and determining an intersection set based on a plurality of target calculated values in the first result set in the plurality of second calculated values. The scheme of the application improves the security of the private data.
Description
Technical Field
The embodiment of the application relates to the field of data processing, in particular to a data processing method, a data processing device, a data processing system and electronic equipment.
Background
Privacy-Preserving Set Intersection (PSI) is a Privacy-preserving protocol, which allows multiple parties holding respective data sets to calculate the intersection of data, and meanwhile, does not reveal information beyond any intersection, thus having wide application in the fields of data Privacy preservation, cryptography and the like.
In the scenario where two parties perform private collection intersection, one party typically calculates a hash value on its own data collection using a agreed cryptographic hash function, and sends the calculation result to the other party, which calculates the data intersection.
However, when the sizes of the data sets of the two participants are inconsistent, i.e. the PSI is not balanced, the participant with a smaller data set can collide with the hash value transmitted by the other participant in a limited time in a hash collision manner, so that the problem of stealing additional information is solved, and the security of the private data is affected.
Disclosure of Invention
The embodiment of the application provides a data processing method, a device, a system and electronic equipment, which are used for improving the security of private data.
In a first aspect, an embodiment of the present application provides a data processing method, which is applied to a first participant, where the first participant corresponds to a first set, and the first set includes a plurality of first elements, and the method includes:
For each first element, adding a random number with a target length to the first element to obtain a first bit-filling element;
according to the target cycle times, performing secure hash calculation on the plurality of first bit-supplementing elements by using a target salt value to obtain a plurality of first calculated values;
the first result set formed by the first calculated values is sent to a second participant, so that the second participant can respectively add a plurality of candidate random numbers in a preset value range to the second elements for each second element in the second set to obtain second bit-supplementing elements, and according to the target circulation times, the second bit-supplementing elements are subjected to secure hash calculation by utilizing the target salt values to obtain a plurality of second calculated values, and an intersection set is determined based on the target calculated values in the first result set; wherein the number of second elements included in the second set corresponding to the second party is less than the number of first elements included in the first set;
and receiving an intersection set sent by the second party.
Optionally, the method further comprises:
Transmitting the first public key to the second party and receiving the second public key transmitted by the second party;
performing product calculation by using the second public key and the first private key to obtain a first product value;
determining a negotiation value based on the first product value and a second product value, wherein the second product value is obtained by the second participant through product calculation based on the received first public key and second private key;
carrying out hash calculation on the negotiation value to obtain a target salt value;
and determining a target length and a target cycle number based on the number of first elements included in the first set, the number of second elements included in the second set and a preset requirement.
Optionally, the performing secure hash calculation on the plurality of first bit-filling elements by using the target salt value according to the target cycle number to obtain a plurality of first calculated values includes:
for each first bit-filling element, according to the target circulation times, performing secure hash calculation on the first bit-filling element by using a target salt value according to the following formula to obtain a first calculated value:
Hb_i = pbkdf2(P A salt, times); where Hb_i represents the first calculated value, pbkdf2 represents the secure hash function, P A Representing a first bit-filling element, salt representing a target salt value, and times representing a target number of cycles.
In a second aspect, an embodiment of the present application provides a data processing method, which is applied to a second participant, where the second participant corresponds to a second set, and the second set includes a plurality of second elements, and the method includes:
receiving a first result set sent by a first participant; the first participant corresponds to a first set, the first set comprises a plurality of first elements, the number of the first elements included in the first set is greater than the number of the second elements included in the second set, the first result set comprises a plurality of first calculated values, each first calculated value is obtained by the first participant through secure hash calculation on a first bit-filling element by utilizing a target salt value according to target cycle times, and the first bit-filling element is obtained by the first participant after adding a random number with a target length to the first elements;
for each second element, respectively adding a plurality of candidate random numbers in a preset value range to the second element to obtain a second bit-supplementing element;
according to the target cycle times, performing secure hash calculation on the plurality of second bit-supplementing elements by using the target salt values to obtain a plurality of second calculated values;
Determining an intersection set based on a plurality of target calculation values located in the first result set among the plurality of second calculation values;
the intersection set is sent to the first party.
Optionally, the performing secure hash calculation on the plurality of second bit-filling elements by using the target salt value according to the target cycle number to obtain a plurality of second calculated values includes:
and aiming at each second bit-supplementing element, performing secure hash calculation on the second bit-supplementing element according to the target circulation times by utilizing a target salt value and the following formula to obtain a second calculated value:
Ha_i = pbkdf2(P B salt, times); where Ha_i represents the second calculated value, pbkdf2 represents the secure hash function, P B Representing a second bit-filling element, salt representing a target salt value, and times representing a target number of cycles.
In a third aspect, an embodiment of the present application provides a data processing apparatus, including:
the first bit-supplementing module is used for adding the random number with the target length to each first element to obtain first bit-supplementing elements;
the first calculation module is used for carrying out safe hash calculation on the plurality of first bit-supplementing elements by utilizing the target salt value according to the target cycle times to obtain a plurality of first calculated values;
The first sending module is configured to send a first result set formed by the plurality of first calculation values to a second party, so that the second party adds, for each second element in the second set, a plurality of candidate random numbers in a preset value range to the second element, to obtain a second bit-filling element, and according to the target cycle number, performs secure hash calculation on the plurality of second bit-filling elements by using the target salt value to obtain a plurality of second calculation values, and determines an intersection set based on a plurality of target calculation values in the first result set in the plurality of second calculation values; wherein the number of second elements included in the second set corresponding to the second party is less than the number of first elements included in the first set;
and the first receiving module is used for receiving the intersection set sent by the second party.
In a fourth aspect, an embodiment of the present application provides a data processing apparatus, including:
the second receiving module is used for receiving a first result set sent by the first participant; the first participant corresponds to a first set, the first set comprises a plurality of first elements, the number of the first elements included in the first set is greater than the number of the second elements included in the second set, the first result set comprises a plurality of first calculated values, each first calculated value is obtained by the first participant through secure hash calculation on a first bit-filling element by utilizing a target salt value according to target cycle times, and the first bit-filling element is obtained by the first participant after adding a random number with a target length to the first elements;
The second bit supplementing module is used for respectively adding a plurality of candidate random numbers in a preset value range to each second element to obtain second bit supplementing elements;
the second calculation module is used for carrying out safe hash calculation on the plurality of second bit-supplementing elements by utilizing the target salt value according to the target cycle times to obtain a plurality of second calculated values;
a first determining module, configured to determine an intersection set based on a plurality of target calculation values located in the first result set among the plurality of second calculation values;
and the second sending module is used for sending the intersection set to the first party.
In a fifth aspect, an embodiment of the present application provides a data processing system, including a first participant and a second participant, where the first participant corresponds to a first set, the first set includes a plurality of first elements, the second participant corresponds to a second set, the second set includes a plurality of second elements, and the number of first elements included in the first set is greater than the number of second elements included in the second set;
the first participant is configured to, for each first element, add a random number of a target length to the first element, and obtain a first bit-complement element; according to the target cycle times, performing secure hash calculation on the plurality of first bit-supplementing elements by using a target salt value to obtain a plurality of first calculated values; transmitting a first result set of the plurality of first calculated values to a second party; and receiving an intersection set sent by the second participant;
The second party is configured to receive a first result set sent by the first party, and for each second element, respectively add a plurality of candidate random numbers in a preset value range to the second element to obtain a second bit-filling element; according to the target cycle times, performing secure hash computation on a plurality of second bit-supplementing elements by using the target salt values to obtain a plurality of second computation values; determining an intersection set based on a plurality of target calculation values located in the first result set among the plurality of second calculation values; and transmitting the intersection set to the first party.
In a sixth aspect, an embodiment of the present application provides an electronic device, including a storage component and a processing component; the storage component stores one or more computer instructions for execution by the processing component, the processing component executing the one or more computer instructions to implement the data processing method of any of the first or second aspects.
In a seventh aspect, an embodiment of the present application provides a computer-readable storage medium storing a computer program, which when executed by a computer implements the data processing method according to any one of the first or second aspects.
In the embodiment of the application, for each first element, a random number with a target length is added to the first element to obtain a first bit-filling element, and according to the target cycle number, a plurality of first bit-filling elements are subjected to secure hash calculation by using a target salt value to obtain a plurality of first calculated values, and a first result set formed by the plurality of first calculated values is sent to a second party with a smaller element number; the second participant can respectively add a plurality of candidate random numbers in a preset value range to each second element to obtain second bit-supplementing elements, perform secure hash computation on the plurality of second bit-supplementing elements according to target circulation times by utilizing target salt values to obtain a plurality of second computation values, and determine an intersection set based on a plurality of target computation values in the first result set in the plurality of second computation values so as to share the intersection set with the first participant. By performing secure hash calculation, the difficulty of hash collision is increased, the problem that additional data information is revealed due to the fact that a malicious party maliciously collides with a hash value transmitted by another party in a limited time is avoided, and the security of private data is improved.
These and other aspects of the application will be more readily apparent from the following description of the embodiments.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart illustrating one embodiment of a data processing method provided by the present application;
FIG. 2 is a flow chart illustrating another embodiment of a data processing method provided by the present application;
FIG. 3 is a schematic diagram illustrating the construction of one embodiment of a data processing apparatus provided by the present application;
FIG. 4 is a schematic diagram of another embodiment of a data processing apparatus according to the present application;
fig. 5 shows a schematic structural diagram of an embodiment of an electronic device provided by the application.
Detailed Description
In order to enable those skilled in the art to better understand the present application, the following description will make clear and complete descriptions of the technical solutions according to the embodiments of the present application with reference to the accompanying drawings.
In some of the flows described in the specification and claims of the present application and in the foregoing figures, a plurality of operations occurring in a particular order are included, but it should be understood that the operations may be performed out of order or performed in parallel, with the order of operations such as 101, 102, etc., being merely used to distinguish between the various operations, the order of the operations themselves not representing any order of execution. In addition, the flows may include more or fewer operations, and the operations may be performed sequentially or in parallel. It should be noted that, the descriptions of "first" and "second" herein are used to distinguish different messages, devices, modules, etc., and do not represent a sequence, and are not limited to the "first" and the "second" being different types.
The technical scheme of the application is suitable for the field of data processing, in particular to the data processing for solving intersection of private data sets. Privacy-Preserving Set Intersection (PSI) is a Privacy-preserving protocol, which allows multiple parties holding respective data sets to calculate the intersection of data, and meanwhile, does not reveal information beyond any intersection, thus having wide application in the fields of data Privacy preservation, cryptography and the like.
In the scenario where two parties perform private collection intersection, one party typically calculates a hash value on its own data collection using a agreed cryptographic hash function, and sends the calculation result to the other party, which calculates the data intersection.
However, when the sizes of the data sets of the two participants are inconsistent, the two participants can be called as unbalanced PSI, the participant with smaller data set exists, and the hash value transmitted by the other participant can be collided in a limited time in a hash collision mode, so that the problem of additional information is stolen, and the security of the private data is affected.
In order to solve the technical problems, the inventor prefers to introduce a third party as an aid to resist violent collision attacks, but the risk that collusion and offline caching cannot be stopped by the aid of the third party still exists. Further, the inventors further think that the secure hash algorithm has the property of anti-riot cracking, if a secure hash function, such as pbkdf2 (Password-Based Key Derivation Function 2), scrypt, bcrypt, etc., is adopted, and the hash value calculation is performed on the data set, so that the collision attack difficulty can be increased, thereby improving the security of the private data. Therefore, after a series of thinking and experiments, the technical scheme of the application is provided, and a data processing method is provided and applied to a first participant, wherein the first participant corresponds to a first set, the first set comprises a plurality of first elements, and the method comprises the following steps: for each first element, adding a random number with a target length to the first element to obtain a first bit-filling element; according to the target cycle times, performing secure hash calculation on the plurality of first bit-supplementing elements by using a target salt value to obtain a plurality of first calculated values; the first result set formed by the first calculated values is sent to a second participant, so that the second participant can respectively add a plurality of candidate random numbers in a preset value range to the second elements for each second element in the second set to obtain second bit-supplementing elements, and according to the target circulation times, the second bit-supplementing elements are subjected to secure hash calculation by utilizing the target salt values to obtain a plurality of second calculated values, and an intersection set is determined based on the target calculated values in the first result set; wherein the number of second elements included in the second set corresponding to the second party is less than the number of first elements included in the first set; and receiving an intersection set sent by the second party.
And the first result set is sent to the second party with smaller element number to determine the intersection set, so that the difficulty of hash collision is increased, the problem of extra data information leakage is avoided, and the security of private data is improved.
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to fall within the scope of the application.
As shown in fig. 1, a flowchart of an embodiment of a data processing method provided by the present application may be applied to a first party, where the first party may correspond to a first set, and the first set may include a plurality of first elements, and the method may include the following steps.
S11: and adding the random number with the target length to each first element to obtain a first bit-filling element.
S12: and according to the target cycle times, performing secure hash calculation on the plurality of first bit-supplementing elements by using the target salt value to obtain a plurality of first calculated values.
S13: a first result set of a plurality of first calculated values is sent to a second party.
S14: an intersection set sent by the second party is received.
The technical scheme of the application is suitable for a two-party unbalanced PSI scene, and for convenience of description, the party with more elements in the set can be called as a first party, the first party can correspond to the first set, and the first set can comprise a plurality of first elements. And the party with the smaller number of elements in the set is called a second party, the second party can correspond to the second set, and the second set can comprise a plurality of second elements.
For the first participant, for each first element item_i in the first set A After adding the random number with the target length len to the first element, obtaining a first bit-compensating element P corresponding to the first element A :P A =item_i A |rand_i A . Wherein rand_i A Representing a random number, the target length of which may be predetermined.
And then, performing secure hash calculation on the first bit-supplementing element by utilizing a secure hash function to obtain a first calculated value. Specifically, the first participant and the second participant may negotiate in advance to obtain the target salt value and the target cycle number for the secure hash calculation, so that the secure hash calculation may be performed on the first bit-filling element by using the target salt value according to the target cycle number to obtain the corresponding first calculated value. The predetermined process of the target salt value and the target cycle number will be described in the following embodiments.
The bit-filling and secure hash computation may be performed on each first element in the first set, so as to obtain a plurality of first computed values, and the plurality of first computed values may form a first result set. The first party may send the first result set to the second party, which makes an intersection set determination.
The process of intersection set determination by the second party is described below in connection with a flowchart of another embodiment of a data processing method as shown in fig. 2. In this embodiment, the method may be applied to a second participant, where the second participant may correspond to a second set, and the second set may include a plurality of second elements, and the method may include the following steps.
S21: a first result set sent by a first participant is received.
S22: and respectively adding a plurality of candidate random numbers in a preset value range to each second element, and then obtaining a second bit-supplementing element.
S23: and according to the target cycle times, performing secure hash calculation on the plurality of second bit-supplementing elements by using the target salt value to obtain a plurality of second calculated values.
S24: an intersection set is determined based on a plurality of target calculation values located in the first result set among the plurality of second calculation values.
S25: the intersection set is sent to the first party.
For the second party, after receiving the first result set sent by the first party, an exhaustive calculation of the random number used by the first party may be performed. Specifically, for each second element item_i in the second set B After a plurality of candidate random numbers in a preset value range are respectively added to the second element, a second bit-supplementing element P corresponding to the second element is obtained B :P B =item_i B |j,j∈(0,2 len ). Wherein j represents a candidate random number, (0, 2) len ) Representing a preset value range, len representing a target length.
And then, performing secure hash calculation on the second bit-supplementing element by utilizing a secure hash function to obtain a second calculated value. Specifically, according to the target cycle number, the target salt value may be used to perform secure hash calculation on the second bit-filling element, so as to obtain a corresponding second calculated value.
The above-described exhaustive bit-filling and secure hash computation process may be performed on each second element in the second set, thereby obtaining a plurality of second computed values. And if a certain second calculated value is positioned in the first result set in the plurality of second calculated values, putting the second calculated value into the intersection set, thereby realizing the determination of the intersection set.
After obtaining the intersection set, the second party may send the intersection set to the first party for sharing.
In the embodiment of the application, for each first element, a random number with a target length is added to the first element to obtain a first bit-filling element, and according to the target cycle number, a plurality of first bit-filling elements are subjected to secure hash calculation by using a target salt value to obtain a plurality of first calculated values, and a first result set formed by the plurality of first calculated values is sent to a second party with a smaller element number; the second participant can respectively add a plurality of candidate random numbers in a preset value range to each second element to obtain second bit-supplementing elements, perform secure hash computation on the plurality of second bit-supplementing elements according to target circulation times by utilizing target salt values to obtain a plurality of second computation values, and determine an intersection set based on a plurality of target computation values in the first result set in the plurality of second computation values so as to share the intersection set with the first participant. By performing secure hash calculation, the difficulty of hash collision is increased, the problem that additional data information is revealed due to the fact that a malicious party maliciously collides with a hash value transmitted by another party in a limited time is avoided, and the security of private data is improved.
The procedure of negotiating in advance to determine the target salt value, the target number of cycles, and the target length will be described. Taking the example that the executing subject is the first participant, in some embodiments, before performing the secure hash calculation, the method may further include:
transmitting the first public key to the second party, and receiving the second public key transmitted by the second party;
performing product calculation by using the second public key and the first private key to obtain a first product value;
determining a negotiation value based on the first product value and the second product value; the second product value is obtained by the second party through product calculation based on the received first public key and the second private key;
carrying out hash calculation on the negotiation value to obtain a target salt value;
the target length and the target number of cycles are determined based on the number of first elements included in the first set, the number of second elements included in the second set, and a preset requirement.
In this embodiment, the first and second parties may use a security protocol, such as an ECDH key negotiation algorithm, to negotiate the target salt value for the secure hash.
Specifically, the first party may send its own first public key to the second party and receive the second public key sent by the second party, where the first party may perform product calculation with its own first private key by using the second public key to obtain a first product value, and similarly, the second party may perform product calculation with its own second private key by using the first public key to obtain a second product value.
A negotiation value may be negotiated based on the first product value and the second product value. Then, the negotiation value can be converted into a character string, hash operation is carried out on the converted character string, and the operation result is used as a target salt value in the subsequent secure hash calculation. The specific implementation process may refer to the implementation process in the conventional scheme, and will not be described in detail.
And then, determining the target cycle number in the subsequent secure hash calculation and the target length of the random number in the bit filling process according to the number of elements included in the corresponding sets of the two parties and the preset security requirement. Specifically, the target cycle number can control the collision speed of the hash, the longer the target length of the random number is, the higher the difficulty of brute force cracking is, but the lower the calculation efficiency of the intersection set is. Therefore, the reasonable target cycle number and target length can be determined by combining the number of elements included in the corresponding sets of the two participants and the preset safety requirement.
The target salt value used for the secure hash computation is obtained through negotiation by using a key negotiation algorithm, so that the secure hash computation is carried out on elements in the set, malicious parties are prevented from carrying out violent cracking, and the security of private data is improved.
The above secure hash calculation process will be described below by taking the secure hash function as pbkdf2 as an example.
In some embodiments, the method for the first participant to perform secure hash computation on the plurality of first bit-filling elements by using the target salt value according to the target cycle number to obtain a plurality of first computation values may include:
for each first bit-filling element, according to the target circulation times, performing secure hash calculation on the first bit-filling element by using a target salt value according to the following formula to obtain a first calculated value:
Hb_i = pbkdf2(P A salt, times); where Hb_i represents the first calculated value, pbkdf2 represents the secure hash function, P A Representing a first bit-filling element, salt representing a target salt value, and times representing a target number of cycles.
The method for the second party to obtain a plurality of second calculated values by performing secure hash calculation on the plurality of second bit-filling elements by using the target salt value according to the target cycle number may include:
Ha_i = pbkdf2(P B salt, times); where Ha_i represents the second calculated value, pbkdf2 represents the secure hash function, P B Representing a second bit-filling element, salt representing a target salt value, and times representing a target number of cycles.
The above embodiment shows an implementation manner of performing secure hash calculation by using the pbkdf2 secure hash function, and for other implementation manners of the secure hash function, the implementation manner may be set according to actual requirements, which is not limited by the present application.
As shown in fig. 3, a schematic structural diagram of an embodiment of a data processing apparatus according to the present application may include the following modules.
The first bit-filling module 301 is configured to obtain, for each first element, a first bit-filling element after adding a random number of a target length to the first element;
the first calculation module 302 is configured to perform secure hash calculation on the plurality of first bit-filling elements by using the target salt value according to the target cycle number, to obtain a plurality of first calculated values;
a first sending module 303, configured to send a first result set formed by the plurality of first calculated values to a second party, so that the second party adds, for each second element in a second set, a plurality of candidate random numbers in a preset value range to the second element, to obtain a second bit-filling element, and perform secure hash computation on the plurality of second bit-filling elements by using the target salt value according to the target cycle number, to obtain a plurality of second calculated values, and determine an intersection set based on a plurality of target calculated values in the first result set in the plurality of second calculated values; wherein the number of second elements included in the second set corresponding to the second party is less than the number of first elements included in the first set;
A first receiving module 304, configured to receive an intersection set sent by the second party.
In some embodiments, the apparatus may further comprise:
a third sending module, configured to send the first public key to the second party;
a third receiving module, configured to receive a second public key sent by the second party;
the third calculation module is used for carrying out product calculation by utilizing the second public key and the first private key to obtain a first product value;
a fourth calculation module, configured to determine a negotiation value based on the first product value and a second product value, where the second product value is obtained by the second party by performing product calculation based on the received first public key and second private key;
a fifth calculation module, configured to perform hash calculation on the negotiation value to obtain a target salt value;
and the second determining module is used for determining the target length and the target cycle number based on the number of the first elements included in the first set, the number of the second elements included in the second set and a preset requirement.
As shown in fig. 4, a schematic structural diagram of another embodiment of a data processing apparatus according to the present application may include the following modules.
A second receiving module 401, configured to receive a first result set sent by a first participant; the first participant corresponds to a first set, the first set comprises a plurality of first elements, the number of the first elements included in the first set is greater than the number of the second elements included in the second set, the first result set comprises a plurality of first calculated values, each first calculated value is obtained by the first participant through secure hash calculation on a first bit-filling element by utilizing a target salt value according to target cycle times, and the first bit-filling element is obtained by the first participant after adding a random number with a target length to the first elements;
a second bit-filling module 402, configured to, for each second element, respectively add a plurality of candidate random numbers in a preset value range to the second element, and obtain a second bit-filling element;
a second calculation module 403, configured to perform secure hash calculation on the plurality of second bit-filling elements by using the target salt value according to the target cycle number, to obtain a plurality of second calculated values;
a first determining module 404, configured to determine an intersection set based on a plurality of target calculation values located in the first result set from the plurality of second calculation values;
A second sending module 405, configured to send the intersection set to the first participant.
The embodiment of the application also provides a data processing system which can comprise a first participant and a second participant.
The first participant corresponds to a first set, the first set comprises a plurality of first elements, the second participant corresponds to a second set, the second set comprises a plurality of second elements, and the number of the first elements in the first set is greater than the number of the second elements in the second set.
The first participant is used for adding a random number with a target length to each first element to obtain a first bit-supplementing element; according to the target cycle times, performing secure hash calculation on the plurality of first bit-supplementing elements by using a target salt value to obtain a plurality of first calculated values; transmitting a first result set of the plurality of first calculated values to a second party; and receiving an intersection set sent by the second participant;
the second participants are used for receiving the first result set sent by the first participants, and for each second element, the second fill element is obtained after a plurality of candidate random numbers in a preset value range are respectively added to the second element; according to the target cycle times, performing secure hash computation on a plurality of second bit-supplementing elements by using the target salt values to obtain a plurality of second computation values; determining an intersection set based on a plurality of target calculation values located in the first result set among the plurality of second calculation values; and transmitting the intersection set to the first party.
As shown in fig. 5, a schematic structural diagram of an embodiment of an electronic device according to the present application may include a storage component 501 and a processing component 502.
Storage component 501 stores one or more computer instructions for execution by processing component 502 to implement the data processing method illustrated in the embodiment of fig. 1 or the embodiment of fig. 2.
Of course, the electronic device may necessarily also include other components, such as input/output interfaces, communication components, and the like.
The input/output interface provides an interface between the processing component and a peripheral interface module, which may be an output device, an input device, etc.
The communication component is configured to facilitate wired or wireless communication between the electronic device and other devices, and the like.
The processing component 502 can include one or more processors to execute computer instructions to perform all or part of the steps in the methods described above. Of course, the processing component may also be implemented as one or more Application Specific Integrated Circuits (ASICs), digital Signal Processors (DSPs), digital Signal Processing Devices (DSPDs), programmable Logic Devices (PLDs), field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors or other electronic elements for executing the methods described above.
The storage component 501 is configured to store various types of data to support operations at a terminal. The memory component may be implemented by any type or combination of volatile or nonvolatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk.
The embodiment of the present application further provides a computer readable storage medium storing a computer program, where the computer program when executed by a computer can implement the data processing method shown in the embodiment of fig. 1 or the embodiment of fig. 2. The computer-readable medium may be contained in the electronic device described in the above embodiment; or may exist alone without being assembled into an electronic device.
The embodiment of the present application further provides a computer program product, which includes a computer program loaded on a computer readable storage medium, where the computer program when executed by a computer can implement the data processing method shown in the embodiment of fig. 1 or the embodiment of fig. 2.
In such embodiments, the computer program may be downloaded and installed from a network, and/or installed from a removable medium. The computer program, when executed by a processor, performs the various functions defined in the system of the application.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein.
The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present application without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present application, and are not limiting; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application.
Claims (10)
1. A data processing method, applied to a first participant, the first participant corresponding to a first set, the first set including a plurality of first elements, the method comprising:
for each first element, adding a random number with a target length to the first element to obtain a first bit-filling element;
according to the target cycle times, performing secure hash calculation on the plurality of first bit-supplementing elements by using a target salt value to obtain a plurality of first calculated values;
the first result set formed by the first calculated values is sent to a second participant, so that the second participant can respectively add a plurality of candidate random numbers in a preset value range to the second elements for each second element in the second set to obtain second bit-supplementing elements, and according to the target circulation times, the second bit-supplementing elements are subjected to secure hash calculation by utilizing the target salt values to obtain a plurality of second calculated values, and an intersection set is determined based on the target calculated values in the first result set; wherein the number of second elements included in the second set corresponding to the second party is less than the number of first elements included in the first set;
And receiving an intersection set sent by the second party.
2. The method according to claim 1, wherein the method further comprises:
transmitting the first public key to the second party and receiving the second public key transmitted by the second party;
performing product calculation by using the second public key and the first private key to obtain a first product value;
determining a negotiation value based on the first product value and a second product value, wherein the second product value is obtained by the second participant through product calculation based on the received first public key and second private key;
carrying out hash calculation on the negotiation value to obtain a target salt value;
and determining a target length and a target cycle number based on the number of first elements included in the first set, the number of second elements included in the second set and a preset requirement.
3. The method of claim 1, wherein performing a secure hash calculation on the plurality of first bit-fill elements with the target salt value according to the target number of cycles to obtain a plurality of first calculated values comprises:
for each first bit-filling element, according to the target circulation times, performing secure hash calculation on the first bit-filling element by using a target salt value according to the following formula to obtain a first calculated value:
Hb_i = pbkdf2(P A Salt, times); where Hb_i represents the first calculated value, pbkdf2 represents the secure hash function, P A Representing a first bit-filling element, salt representing a target salt value, and times representing a target number of cycles.
4. A data processing method, applied to a second party, the second party corresponding to a second set, the second set including a plurality of second elements, the method comprising:
receiving a first result set sent by a first participant; the first participant corresponds to a first set, the first set comprises a plurality of first elements, the number of the first elements included in the first set is greater than the number of the second elements included in the second set, the first result set comprises a plurality of first calculated values, each first calculated value is obtained by the first participant through secure hash calculation on a first bit-filling element by utilizing a target salt value according to target cycle times, and the first bit-filling element is obtained by the first participant after adding a random number with a target length to the first elements;
for each second element, respectively adding a plurality of candidate random numbers in a preset value range to the second element to obtain a second bit-supplementing element;
According to the target cycle times, performing secure hash calculation on the plurality of second bit-supplementing elements by using the target salt values to obtain a plurality of second calculated values;
determining an intersection set based on a plurality of target calculation values located in the first result set among the plurality of second calculation values;
the intersection set is sent to the first party.
5. The method of claim 4, wherein performing a secure hash calculation on the plurality of second bit-filling elements with the target salt value according to the target number of cycles to obtain a plurality of second calculated values, comprises:
and aiming at each second bit-supplementing element, performing secure hash calculation on the second bit-supplementing element according to the target circulation times by utilizing a target salt value and the following formula to obtain a second calculated value:
Ha_i = pbkdf2(P B salt, times); where Ha_i represents the second calculated value, pbkdf2 represents the secure hash function, P B Representing a second bit-filling element, salt representing a target salt value, and times representing a target number of cycles.
6. A data processing apparatus, comprising:
the first bit-supplementing module is used for adding the random number with the target length to each first element to obtain first bit-supplementing elements;
The first calculation module is used for carrying out safe hash calculation on the plurality of first bit-supplementing elements by utilizing the target salt value according to the target cycle times to obtain a plurality of first calculated values;
the first sending module is configured to send a first result set formed by the plurality of first calculation values to a second party, so that the second party adds, for each second element in the second set, a plurality of candidate random numbers in a preset value range to the second element, to obtain a second bit-filling element, and according to the target cycle number, performs secure hash calculation on the plurality of second bit-filling elements by using the target salt value to obtain a plurality of second calculation values, and determines an intersection set based on a plurality of target calculation values in the first result set in the plurality of second calculation values; wherein the number of second elements included in the second set corresponding to the second party is less than the number of first elements included in the first set corresponding to the first party;
and the first receiving module is used for receiving the intersection set sent by the second party.
7. A data processing apparatus, comprising:
The second receiving module is used for receiving a first result set sent by the first participant; the first participant corresponds to a first set, the first set comprises a plurality of first elements, the number of the first elements included in the first set is greater than the number of the second elements included in a second set corresponding to a second participant, the first result set comprises a plurality of first calculation values, each first calculation value is obtained by the first participant through safe hash calculation on a first bit-filling element by utilizing a target salt value according to target circulation times, and the first bit-filling element is obtained by the first participant after adding a random number with a target length to the first elements;
the second bit supplementing module is used for respectively adding a plurality of candidate random numbers in a preset value range to each second element to obtain second bit supplementing elements;
the second calculation module is used for carrying out safe hash calculation on the plurality of second bit-supplementing elements by utilizing the target salt value according to the target cycle times to obtain a plurality of second calculated values;
a first determining module, configured to determine an intersection set based on a plurality of target calculation values located in the first result set among the plurality of second calculation values;
And the second sending module is used for sending the intersection set to the first party.
8. A data processing system comprising a first party and a second party, the first party corresponding to a first set, the first set comprising a plurality of first elements, the second party corresponding to a second set, the second set comprising a plurality of second elements, the first set comprising a greater number of first elements than the second set;
the first participant is configured to, for each first element, add a random number of a target length to the first element, and obtain a first bit-complement element; according to the target cycle times, performing secure hash calculation on the plurality of first bit-supplementing elements by using a target salt value to obtain a plurality of first calculated values; transmitting a first result set of the plurality of first calculated values to a second party; and receiving an intersection set sent by the second participant;
the second party is configured to receive a first result set sent by the first party, and for each second element, respectively add a plurality of candidate random numbers in a preset value range to the second element to obtain a second bit-filling element; according to the target cycle times, performing secure hash computation on a plurality of second bit-supplementing elements by using the target salt values to obtain a plurality of second computation values; determining an intersection set based on a plurality of target calculation values located in the first result set among the plurality of second calculation values; and transmitting the intersection set to the first party.
9. An electronic device is characterized by comprising a storage component and a processing component;
the storage component stores one or more computer instructions; the one or more computer instructions are for execution by the processing component;
the processing component executes the one or more computer instructions to implement the data processing method of any one of claims 1-3, or the data processing method of any one of claims 4-5.
10. A computer-readable storage medium storing a computer program, wherein the computer program when executed by a computer implements the data processing method according to any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310906616.4A CN116628758B (en) | 2023-07-21 | 2023-07-21 | Data processing method, device and system and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310906616.4A CN116628758B (en) | 2023-07-21 | 2023-07-21 | Data processing method, device and system and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116628758A CN116628758A (en) | 2023-08-22 |
| CN116628758B true CN116628758B (en) | 2023-09-22 |
Family
ID=87642181
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310906616.4A Active CN116628758B (en) | 2023-07-21 | 2023-07-21 | Data processing method, device and system and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116628758B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2022089014A1 (en) * | 2020-11-02 | 2022-05-05 | 中国银联股份有限公司 | Data encryption method, apparatus and device, data decryption method, apparatus and device, and storage medium |
| CN115065459A (en) * | 2022-06-13 | 2022-09-16 | 青岛大学 | Multi-party privacy set intersection method, device, equipment and storage medium |
| CN115733602A (en) * | 2022-10-28 | 2023-03-03 | 支付宝(杭州)信息技术有限公司 | Method and device for unbalanced privacy set intersection |
| CN116032458A (en) * | 2022-08-23 | 2023-04-28 | 中国电信股份有限公司 | User privacy data processing method and device, storage medium and electronic equipment |
| CN116361649A (en) * | 2023-03-16 | 2023-06-30 | 深圳前海新心数字科技有限公司 | Efficient unbalanced PSI (program specific information) based on bloom filter and hash |
-
2023
- 2023-07-21 CN CN202310906616.4A patent/CN116628758B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2022089014A1 (en) * | 2020-11-02 | 2022-05-05 | 中国银联股份有限公司 | Data encryption method, apparatus and device, data decryption method, apparatus and device, and storage medium |
| CN115065459A (en) * | 2022-06-13 | 2022-09-16 | 青岛大学 | Multi-party privacy set intersection method, device, equipment and storage medium |
| CN116032458A (en) * | 2022-08-23 | 2023-04-28 | 中国电信股份有限公司 | User privacy data processing method and device, storage medium and electronic equipment |
| CN115733602A (en) * | 2022-10-28 | 2023-03-03 | 支付宝(杭州)信息技术有限公司 | Method and device for unbalanced privacy set intersection |
| CN116361649A (en) * | 2023-03-16 | 2023-06-30 | 深圳前海新心数字科技有限公司 | Efficient unbalanced PSI (program specific information) based on bloom filter and hash |
Non-Patent Citations (1)
| Title |
|---|
| Efficient Private Set Intersection Based on Functional Encryption;Liyao XIONG 等;2022 4th International Conference on Data Intelligence and Security (ICDIS);第9-15页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116628758A (en) | 2023-08-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20220045994A1 (en) | Fast oblivious transfers | |
| Saqib et al. | A lightweight three factor authentication framework for IoT based critical applications | |
| CN111552978B (en) | Privacy protection set intersection solving method based on DH encryption and Hash table | |
| RU2534944C2 (en) | Method for secure communication in network, communication device, network and computer programme therefor | |
| CN108632261B (en) | Multi-party quantum summation method and system | |
| WO2014209190A1 (en) | Encrypting and storing data | |
| US10389523B2 (en) | Apparatus and method for encrypting and decrypting | |
| US8923519B2 (en) | Method of efficient secure function evaluation using resettable tamper-resistant hardware tokens | |
| Zheng et al. | Secure mutual authentication and key-exchange protocol between PUF-embedded IoT endpoints | |
| CN110719172B (en) | Signature method, signature system and related equipment in block chain system | |
| CN114003950A (en) | Federal machine learning method, device, equipment and medium based on safety calculation | |
| CN109194484A (en) | A kind of cross-domain transmission method of token based on shared key | |
| EP3785399B1 (en) | Method for generating on-board a cryptographic key using a physically unclonable function | |
| CN116628758B (en) | Data processing method, device and system and electronic equipment | |
| CN117134945A (en) | Data processing method, system, device, computer equipment and storage medium | |
| CN116961916A (en) | Unmanned aerial vehicle private key processing method, unmanned aerial vehicle and unmanned aerial vehicle private key processing system | |
| CN114499854B (en) | Identity authentication method and system based on wireless sensor network and electronic equipment | |
| CN112134884B (en) | Message serial number updating method | |
| CN113746623B (en) | Threshold key verification method and related equipment | |
| US11223954B2 (en) | Network authentication method, device, and system | |
| EP3193487B1 (en) | Encryption/decryption device and encryption/decryption method | |
| CN110581888A (en) | management method, gateway and system for terminal security session of Internet of things | |
| CN116846554B (en) | Data processing method, device and computer readable storage medium | |
| CN118194332B (en) | Privacy intersection method, device, equipment and medium | |
| CN117574412B (en) | Multiparty privacy exchange method and device and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |