CN116743376B - Multiparty secret sharing data privacy comparison method based on efficient ciphertext confusion technology - Google Patents

Info

Publication number
CN116743376B
Authority
CN
China
Prior art keywords
secret sharing
difference
value
confusion
privacy
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310937722.9A
Other languages
Chinese (zh)
Other versions
CN116743376A (en)
Inventor
张秉晟
吴泽成
任奎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang University ZJU
Original Assignee
Zhejiang University ZJU

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Abstract

The application discloses a multiparty secret sharing data privacy comparison method based on efficient ciphertext obfuscation. It uses the properties of the oblivious transfer protocol to obfuscate the difference data, so that no party can obtain the plaintext comparison result during execution, yet a Boolean secret share of the comparison result can be obtained through the obfuscation value. The complex conversion from arithmetic secret sharing to Boolean secret sharing used in traditional comparison schemes is replaced by an order-preserving encryption technique based on secret-sharing multiplication, so that the comparison completes quickly while the data remains protected. The application also provides a more targeted comparison method for the scenario in which the result is disclosed, can be further extended to a three-party privacy comparison scenario, optimizes for scenarios with specified requirements, improves the computation speed of the method, and reduces the required communication volume.

Description

Multiparty secret sharing data privacy comparison method based on efficient ciphertext confusion technology
Technical Field
The invention belongs to the technical field of secure multiparty computing, and particularly relates to a multiparty secret sharing data privacy comparison method based on a high-efficiency ciphertext confusion technology.
Background
Privacy computing refers to a set of technologies for analyzing and computing on data while protecting the data itself from external leakage, so that the data is "usable but invisible" and its value can be converted and released while data and privacy security are fully protected. Today, as the importance of data grows, how to efficiently implement protocols that protect data privacy using privacy computing has become a focus of attention for institutions and individuals. For example, in auction bidding, the bid prices must be compared while the prices and identity information of the bidders are encrypted.
Privacy comparison refers to a privacy-preserving protocol that obtains the magnitude relationship of two values without exposing the values themselves. As one of the most basic privacy computing operators, it is used in most privacy computing protocols, such as privacy-preserving sorting and federated learning. The privacy comparison protocols in wide use today are based on two technologies, Boolean secret sharing and oblivious transfer: using the idea of a parallel adder, the sign bit of the difference of the secret-shared data is converted from arithmetic type (additive sharing) to Boolean type (XOR sharing) through the oblivious transfer protocol, yielding a secret share of the comparison result. If the plaintext value of the comparison result is needed, the two parties disclose the XOR of their secret shares.
The privacy comparison protocols in the paper "ABY - A Framework for Efficient Mixed-Protocol Secure Two-Party Computation" and the paper "ABY2.0: Improved Mixed-Protocol Secure Two-Party Computation" are widely used in privacy computing products, but by design they require many communication rounds and a large communication volume. The problems are summarized as follows:
(1) In the privacy comparison computation, the ABY and ABY2.0 frameworks obtain the comparison result by extracting the sign bit of the difference of the two numbers. To obtain a correct secret share of the sign bit, however, the original arithmetic shares must first be converted to Boolean type. In most usage scenarios the data involved in privacy comparison is arithmetically shared, and because carries exist under arithmetic secret sharing, the sign bit of a share cannot be extracted directly as a share of the comparison result.
(2) Currently, the best approach of ABY and ABY2.0 to the problem in (1) is an OT-based parallel adder algorithm, which lets both parties obtain a Boolean share of the sign bit without revealing the plaintext. For secret sharing values of length $l$ bits, communication rounds and OT computations on the order of $O(\log l)$ are required. Frequent communication causes the protocol to spend a large amount of time waiting for and receiving information, and the large number of OT computations causes privacy comparison to generate $\log l$ times the traffic of plaintext comparison.
(3) The above schemes cannot be optimized for scenarios with specified requirements. For example, current privacy comparison protocols are identical for the two scenarios of protecting and disclosing the comparison result, and cannot be improved and optimized for the scenario in which the comparison result is disclosed.
Disclosure of Invention
Aiming at the problems existing in the prior art, the embodiment of the application aims to provide a multiparty secret sharing data privacy comparison method based on an efficient ciphertext confusion technology.
According to a first aspect of an embodiment of the present application, there is provided a two-party secret sharing data privacy comparison method based on efficient ciphertext obfuscation, including:
For the secret sharing values $\langle x_0\rangle_i, \langle x_1\rangle_i$ to be privacy-compared, the parties $P_i$ obfuscate the difference of the two secret sharing values through an oblivious transfer protocol;
encrypting the difference using a secret-sharing-based order-preserving encryption technique, and letting the party that holds the obfuscated difference obtain the sign bit of the encrypted value;
and outputting the sign bit of the order-preserving encrypted value and the difference obfuscation value as the Boolean shares of the privacy comparison result.
Further, when the number of participants is equal to 2, $P_i$ holds $\langle x_0\rangle_i, \langle x_1\rangle_i$, $i \in \{A, B\}$, the plaintext range of $x_0, x_1$ is $[0, 2^t]$, the ciphertext range of $\langle x_0\rangle_i, \langle x_1\rangle_i$ is $[0, 2^l]$, and $l \ge 128$.
Further, when the number of participants is equal to 2, obfuscating the difference of the two secret sharing values $\langle x_0\rangle_i, \langle x_1\rangle_i$ to be privacy-compared through the oblivious transfer protocol includes:
$P_A$ generates a random number $r$ of length $l$ bits and computes $y_0 = (\langle x_0\rangle_A - \langle x_1\rangle_A) - r$ and $y_1 = (\langle x_1\rangle_A - \langle x_0\rangle_A) - r$ as the two inputs of the OT protocol;
$P_B$ generates a random number $c \in \{0, 1\}$ and uses $c$ as its input to the OT protocol to select the $c$-th of the two values provided by $P_A$, i.e., $y_c = (\langle x_c\rangle_A - \langle x_{1-c}\rangle_A) - r$.
Further, when the number of participants is equal to 2, encrypting the difference using the secret-sharing-based order-preserving encryption technique and letting the party that holds the obfuscated difference obtain the sign bit of the encrypted value includes:
$P_A$ locally generates $(l-t-1)$-bit random numbers $\langle a\rangle_A, \langle b\rangle_A$ satisfying $-\langle a\rangle_A < \langle b\rangle_A < \langle a\rangle_A$, and sets the obfuscated difference $\langle \Delta x\rangle_A = r$; $P_B$ locally generates $(l-t-1)$-bit random numbers $\langle a\rangle_B, \langle b\rangle_B$ satisfying $-\langle a\rangle_B < \langle b\rangle_B < \langle a\rangle_B$, and sets the obfuscated difference $\langle \Delta x\rangle_B = y_c + (\langle x_c\rangle_B - \langle x_{1-c}\rangle_B) = (x_c - x_{1-c}) - r$;
$P_A$ and $P_B$ compute the product of $\langle \Delta x\rangle$ and $\langle a\rangle$ using secret-sharing multiplication based on a Beaver triple, and further compute the secret-shared order-preserving encrypted values $\langle z\rangle_A = \langle a \cdot \Delta x\rangle_A + \langle b\rangle_A$ and $\langle z\rangle_B = \langle a \cdot \Delta x\rangle_B + \langle b\rangle_B$ of the obfuscated difference;
$P_B$ sends the share $\langle z\rangle_B$ to $P_A$, and $P_A$ locally reconstructs the order-preserving encrypted value $z = \langle z\rangle_A + \langle z\rangle_B$ of the obfuscated difference;
$P_A$ checks the sign of $z$ to obtain the magnitude relation of $x_c, x_{1-c}$ after obfuscation: if $z > 0$, $\langle res\rangle_A = 1$; otherwise, $\langle res\rangle_A = 0$.
Further, outputting the sign bit of the order-preserving encrypted value and the difference obfuscation value as the Boolean shares of the privacy comparison result includes:
$P_A$ takes the Boolean share $\langle res\rangle_A$ of the privacy comparison result as output, and $P_B$ takes the Boolean share $\langle res\rangle_B = c$ of the privacy comparison result as output, and these satisfy the final comparison result. $res = 1$ indicates $x_0 > x_1$, whereas $res = 0$ indicates $x_0 \le x_1$.
According to a second aspect of the embodiment of the present application, there is provided a two-party secret sharing data privacy comparison method based on efficient ciphertext obfuscation, the method comprising:
The parties $P_i$ encrypt the secret sharing values $\langle x_0\rangle_i, \langle x_1\rangle_i$ to be privacy-compared using a secret-sharing-based order-preserving encryption technique;
and, for the participants that need to know the comparison result, computing the sum of the order-preserving encrypted difference values, thereby obtaining the comparison result.
According to a third aspect of the embodiment of the present application, there is provided a three-party secret sharing data privacy comparison method based on efficient ciphertext obfuscation, the method comprising:
For the secret sharing values $\langle x_0\rangle_i, \langle x_1\rangle_i$, $i \in \{A, B, C\}$, to be privacy-compared held by the parties $P_i$, $P_C$ splits the difference of the secret sharing values it holds into two random numbers $\langle y\rangle_A, \langle y\rangle_B$ and sends them to $P_A$ and $P_B$ respectively, and $P_A$ and $P_B$ jointly negotiate a random number $e \in \{0, 1\}$ for obfuscating the difference and carry out difference obfuscation;
Based on the received random number $\langle y\rangle_A$ or $\langle y\rangle_B$, $P_A$ and $P_B$ encrypt the difference using a secret-sharing-based order-preserving encryption technique, and $P_C$ obtains a Boolean share of the privacy comparison result from the sum of the differences obtained after the order-preserving encryption by $P_A$ and $P_B$;
and $P_A$ and $P_B$ output the random number $e$ as the Boolean share of the privacy comparison result.
Further, for the secret sharing values $\langle x_0\rangle_i, \langle x_1\rangle_i$, $i \in \{A, B, C\}$, to be privacy-compared held by the parties $P_i$, $P_C$ splitting the difference of the secret sharing values it holds into two random numbers with $\langle y\rangle_A + \langle y\rangle_B = \langle x_0 - x_1\rangle_C$, sending them to $P_A$ and $P_B$ respectively, and $P_A$ and $P_B$ jointly negotiating a random number $e \in \{0, 1\}$ for obfuscating the difference and carrying out difference obfuscation, includes:
$P_A$ locally generates random numbers $\langle a\rangle_A, \langle b\rangle_A$ of length $(l-t-1)$ bits satisfying $-\langle a\rangle_A < \langle b\rangle_A < \langle a\rangle_A$, and $P_B$ locally generates random numbers $\langle a\rangle_B, \langle b\rangle_B$ of length $(l-t-1)$ bits satisfying $-\langle a\rangle_B < \langle b\rangle_B < \langle a\rangle_B$;
$P_A$ and $P_B$ jointly negotiate a random number $e \in \{0, 1\}$ for obfuscating the difference;
$P_C$ generates a random number $r$ of length $l$ bits, computes $\langle y\rangle_A = r$ and sends it to $P_A$, and computes $\langle y\rangle_B = (\langle x_0\rangle_C - \langle x_1\rangle_C) - r$ and sends it to $P_B$;
If $e = 0$, $P_A$ sets the obfuscated difference $\langle \Delta x\rangle_A = \langle x_0\rangle_A - \langle x_1\rangle_A + \langle y\rangle_A$ and $P_B$ sets the obfuscated difference $\langle \Delta x\rangle_B = \langle x_0\rangle_B - \langle x_1\rangle_B + \langle y\rangle_B$; if $e = 1$, $P_A$ sets the obfuscated difference $\langle \Delta x\rangle_A = \langle x_1\rangle_A - \langle x_0\rangle_A - \langle y\rangle_A$ and $P_B$ sets the obfuscated difference $\langle \Delta x\rangle_B = \langle x_1\rangle_B - \langle x_0\rangle_B - \langle y\rangle_B$.
According to a fourth aspect of an embodiment of the present application, there is provided an electronic apparatus including:
One or more processors;
A memory for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of the first, second, or third aspects.
According to a fifth aspect of embodiments of the present application there is provided a computer readable storage medium having stored thereon computer instructions which when executed by a processor perform the steps of the method according to the first, second or third aspects.
The technical scheme provided by the embodiment of the application can comprise the following beneficial effects:
According to the embodiment, the properties of the oblivious transfer protocol are used to obfuscate the difference data, so that no party can obtain the plaintext comparison result during execution, yet a Boolean secret share of the comparison result can be obtained through the obfuscation value. The complex conversion from arithmetic secret sharing to Boolean secret sharing used in traditional comparison schemes is replaced by an order-preserving encryption technique based on secret-sharing multiplication, so that the comparison completes quickly while the data remains protected. The application also provides a more targeted comparison method for the scenario in which the result is disclosed, can be further extended to a three-party privacy comparison scenario, optimizes for scenarios with specified requirements, improves the computation speed of the method, and reduces the required communication volume.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
Fig. 1 is a flow chart illustrating a two-party secret sharing data privacy comparison method (protecting the comparison result) based on efficient ciphertext obfuscation, according to an example embodiment.
Fig. 2 is a flow chart illustrating a two-party secret sharing data privacy comparison method (disclosing the comparison result) based on efficient ciphertext obfuscation, according to an example embodiment.
Fig. 3 is a flow chart illustrating a three-party secret sharing data privacy comparison method (protecting the comparison result) based on efficient ciphertext obfuscation, according to an example embodiment.
Fig. 4 is a schematic diagram of an electronic device, according to an example embodiment.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the application.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the application. The term "if" as used herein may be interpreted as "at..once" or "when..once" or "in response to a determination", depending on the context.
Explanation of terms:
1) Oblivious transfer protocol (Oblivious Transfer, OT)
The oblivious transfer protocol is a privacy-preserving two-party communication protocol that lets the two parties transfer messages with an obfuscated selection. It is a basic cryptographic protocol: the receiver obliviously obtains part of the data input by the sender, and the protocol ensures that the receiver cannot learn the rest of the data beyond that part, while the sender does not learn which data the receiver obtained.
2) Secret sharing (Secret Sharing, SS)
Secret sharing is a low-cost technique whose main idea is to split a number $x$ randomly into two or more numbers. In two-party arithmetic secret sharing (Arithmetic Secret Sharing), $x$ is split into two ciphertext values $\langle x\rangle_A$ and $\langle x\rangle_B$ of binary length $l$ such that $x = (\langle x\rangle_A + \langle x\rangle_B) \bmod 2^l$; similarly, three-party secret sharing satisfies $x = (\langle x\rangle_A + \langle x\rangle_B + \langle x\rangle_C) \bmod 2^l$. In Boolean secret sharing (Boolean Secret Sharing), then where $x_j$ is the value of the $j$-th bit of $x$ in binary.
Two-party multiplication in arithmetic secret sharing means that when the two parties hold secret shares $\langle x\rangle_i, \langle y\rangle_i$, $i \in \{A, B\}$, of two numbers $x, y$, they compute $\langle z\rangle_i$ through a protocol such that $\langle z\rangle_A + \langle z\rangle_B = z = xy$. Industry typically uses Beaver triples generated based on OT (i.e., $P_i$, $i \in \{A, B\}$, hold $\langle a\rangle_i, \langle b\rangle_i, \langle c\rangle_i$ satisfying $c = ab$) to compute $\langle z\rangle_A = f\langle a\rangle_A + e\langle b\rangle_A + \langle c\rangle_A$ and $\langle z\rangle_B = ef + f\langle a\rangle_B + e\langle b\rangle_B + \langle c\rangle_B$, where $e = x - a$ and $f = y - b$ can be regarded as random values.
3) Order-preserving encryption (Order-Preserving Encryption, OPE)
Order-preserving encryption is a special encryption scheme in which the ciphertexts preserve the order of the plaintexts. After a series of data is encrypted, the sort order of the ciphertexts matches the order of the corresponding plaintexts before encryption, but no information about the plaintexts can be learned from the ciphertexts. A simple order-preserving encryption function is $y_i = a x_i + d + noise_i$, where $a$, $d$ and $noise_i$ are random values and $0 \le noise_i < a$.
Since this text focuses on comparing the order-preserving encryption results of two numbers, the computation is simplified to evaluating $y_0 - y_1 = a(x_0 - x_1) + b$ directly in secret-shared form, where $-a < b = noise_0 - noise_1 < a$.
In particular implementations, a nonlinear order-preserving encryption function $y_i = a f(x_i) + b + noise_i$ may also be employed, where $f(x)$ is an increasing function that is always greater than 0, e.g., $f(x) = e^x$, the sigmoid function, etc.; or the nonlinear order-preserving encryption function $y_i = a f(x_i) x_i + b + noise_i$, with $f(x)$ as defined above, and so on.
The method is described below with reference to examples.
Example 1
This example covers the scenario where the comparison result is not disclosed to any participant. For instance, in an on-site auction, the organizer performs privacy comparison of prices through two trusted third-party servers because the bid prices and the comparison result of each bid need to be kept secret. Each bidder locally splits its price and identity number into two secret sharing values and sends them to the two servers $P_A$, $P_B$. The servers obtain a secret share of the comparison result through the privacy comparison protocol without disclosing the result, and use it together with the shared prices and identity numbers of the two bidders to compute and retain the secret shares of the price and identity number of the higher bidder. After this flow has been repeated over multiple comparisons, the retained identity number, i.e., the identity of the bidder with the highest bid who wins the auction, is finally disclosed. As shown in fig. 1, the two-party secret sharing data privacy comparison method based on efficient ciphertext obfuscation provided by the application comprises the following steps:
(1.1) For the secret sharing values $\langle x_0\rangle_i, \langle x_1\rangle_i$, $i \in \{A, B\}$, to be privacy-compared, the parties $P_i$ obfuscate the difference of the two secret sharing values through an oblivious transfer protocol;
Specifically, the method takes the two secret sharing values to be privacy-compared as protocol inputs, i.e., $P_i$ inputs $\langle x_0\rangle_i, \langle x_1\rangle_i$, $i \in \{A, B\}$, where the plaintext range of $x_0, x_1$ is $[0, 2^t]$ and the ciphertext range of $\langle x_0\rangle_i, \langle x_1\rangle_i$ is $[0, 2^l]$; to meet data security requirements, $l \ge 128$ is required. In practice, the two parties may originally hold $x_0$ and $x_1$ respectively and share them directly using random numbers; alternatively, a series of computations may have been performed before this method, so that a comparison step is needed while neither party knows $x_0$ or $x_1$. In this embodiment, $x_0$ and $x_1$ are the bid information held by two bidders; they send the split secret sharing values $\langle x_0\rangle_A$ and $\langle x_1\rangle_A$ to $P_A$, and the secret sharing values $\langle x_0\rangle_B$ and $\langle x_1\rangle_B$ to $P_B$.
The data obfuscation part mainly uses the OT protocol to obfuscate the difference, so that $P_A$ does not know whether the difference that $P_B$ subsequently encrypts is $x_0 - x_1$ or $x_1 - x_0$.
Specifically, $P_A$ first generates a random number $r$ of length $l$ bits and computes $y_0 = (\langle x_0\rangle_A - \langle x_1\rangle_A) - r$ and $y_1 = (\langle x_1\rangle_A - \langle x_0\rangle_A) - r$ as the two inputs to the OT protocol. At the same time, $P_B$ generates a random number $c \in \{0, 1\}$ and uses $c$ as its input to the OT protocol to select the $c$-th of the two values provided by $P_A$, namely $y_c = (\langle x_c\rangle_A - \langle x_{1-c}\rangle_A) - r$.
After data obfuscation, $P_A$ cannot know which value $P_B$ selected, but $P_A$ can directly use $r$ as its secret share of the difference; $P_B$, after obtaining $y_c$, knows that the difference is $x_c - x_{1-c}$, but because of the protection of the random number $r$ it still cannot learn the plaintext value of $x_c - x_{1-c}$.
(1.2) Encrypting the difference using a secret-sharing-based order-preserving encryption technique, and letting the party that holds the obfuscated difference obtain the sign bit of the encrypted value;
Specifically, the order-preserving encryption part performs order-preserving encryption and subtraction on the two numbers to be compared under secret sharing. A simple order-preserving encryption function $y_i = a x_i + d + noise_i$ is used as the example here, where $a$, $d$ and $noise_i$ are random values and $0 \le noise_i < a$. Since this document focuses on the plaintext comparison of the order-preserving encryption results of two numbers, the computation is simplified to evaluating $y_0 - y_1 = a(x_0 - x_1) + b$ directly in secret-shared form, where $-a < b = noise_0 - noise_1 < a$.
Specifically, $P_A$ locally generates $(l-t-1)$-bit random numbers $\langle a\rangle_A, \langle b\rangle_A$ satisfying $-\langle a\rangle_A < \langle b\rangle_A < \langle a\rangle_A$, and sets the obfuscated difference $\langle \Delta x\rangle_A = r$; at the same time, $P_B$ locally generates $(l-t-1)$-bit random numbers $\langle a\rangle_B, \langle b\rangle_B$ satisfying $-\langle a\rangle_B < \langle b\rangle_B < \langle a\rangle_B$, and sets the obfuscated difference $\langle \Delta x\rangle_B = y_c + (\langle x_c\rangle_B - \langle x_{1-c}\rangle_B) = (x_c - x_{1-c}) - r$.
The two parties then compute the product of $\langle \Delta x\rangle$ and $\langle a\rangle$ using secret-sharing multiplication based on a Beaver triple, and further compute the secret-shared order-preserving encrypted values $\langle z\rangle_A = \langle a \cdot \Delta x\rangle_A + \langle b\rangle_A$ and $\langle z\rangle_B = \langle a \cdot \Delta x\rangle_B + \langle b\rangle_B$ of the obfuscated difference. Subsequently, $P_B$ sends the share $\langle z\rangle_B$ to $P_A$, and $P_A$ locally reconstructs the order-preserving encrypted value $z = \langle z\rangle_A + \langle z\rangle_B$ of the obfuscated difference. $P_A$ obtains the magnitude relation of $x_c, x_{1-c}$ after obfuscation by checking the sign of $z$: if $z > 0$, $\langle res\rangle_A = 1$; otherwise, $\langle res\rangle_A = 0$.
The security of this step rests on the order-preserving encryption of the difference and on the plaintext protection that arithmetic secret sharing gives the computed data, so the scheme achieves obfuscated comparison while protecting the plaintext difference. Even if $P_A$, knowing the value of $z$, attempts to recover $\Delta x$ by brute-force enumeration, it must enumerate all cases of $-2^{l-t-1} < \langle b\rangle_B < \langle a\rangle_B < 2^{l-t-1}$, and obtains only several possible values of $\Delta x$, from which the correct one cannot be identified.
During the order-preserving encryption computation, the value range of the random numbers is controlled to ensure that the value of $z$ does not overflow, which guarantees the correctness of the order-preserving encryption result.
(1.3) Outputting the sign bit of the order-preserving encrypted value and the difference obfuscation value as the Boolean shares of the privacy comparison result;
After the above computation is completed, $P_A$ outputs the Boolean share $\langle res\rangle_A$ of the comparison result as its protocol output, and $P_B$ outputs the Boolean share $\langle res\rangle_B = c$ of the comparison result as its protocol output, and these satisfy the final comparison result. $res = 1$ indicates $x_0 > x_1$, whereas $res = 0$ indicates $x_0 \le x_1$.
Throughout the method, $P_B$, by using the randomly generated $c$ as the difference obfuscation value, specifies which of the two numbers $x_0, x_1$ is the minuend and which is the subtrahend. This directly determines whether the final result $res$ is inverted, i.e., when $c = 1$, the difference is $x_1 - x_0$ and is inverted. The value of $c$ can therefore be used to correct the comparison result obtained by $P_A$ to its true value. The truth table of the privacy comparison output is shown in table 1 below.
Table 1 secret sharing result truth table for privacy comparison
In the scenario where the transaction price is kept secret and only the identity of the bidder with the highest bid is published, the method performs efficient privacy comparison between each bid and the current highest price, so that all bidders can quickly learn the identity of the highest bidder without learning the bids. The protocol improves the comparison speed and reduces the communication volume required for comparison while meeting the auction's privacy protection requirements.
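The data flow of steps (1.1) to (1.3), simulated in a single process as an added example (it is not code from the patent). Assumptions: `ideal_ot` stands in for a real OT protocol, the Beaver triple comes from a trusted dealer, t = 32 is chosen for the demo, the masks use (l-t-3) bits instead of the page's (l-t-1) so that the overflow bound is provable, and all function names are hypothetical.

```python
import secrets

L_BITS = 128                 # shares live in Z_{2^l}; the page requires l >= 128
T_BITS = 32                  # plaintexts lie in [0, 2^t] (t chosen for the demo)
MOD = 1 << L_BITS
# The page draws <a>, <b> as (l-t-1)-bit numbers. This example narrows them to
# (l-t-3) bits (an assumption of the example) so that |z| < 2^(l-1) provably
# holds and the signed interpretation of z cannot wrap around.
MASK_BITS = L_BITS - T_BITS - 3


def share(x):
    """Split x into two additive shares modulo 2^l: (share of P_A, share of P_B)."""
    s_a = secrets.randbelow(MOD)
    return s_a, (x - s_a) % MOD


def to_signed(v):
    """Read a ring element as a signed l-bit integer."""
    return v - MOD if v >= MOD // 2 else v


def ideal_ot(messages, choice):
    """Stand-in for 1-out-of-2 OT: the receiver gets messages[choice] and nothing
    else, and the sender never sees `choice`. A deployment runs a real OT protocol."""
    return messages[choice]


def local_masks():
    """One party's local shares <a>, <b> with -<a> < <b> < <a>."""
    a = secrets.randbelow((1 << MASK_BITS) - 1) + 1   # 1 .. 2^MASK_BITS - 1
    b = secrets.randbelow(2 * a - 1) - (a - 1)        # -(a-1) .. a-1
    return a, b


def beaver_mul(x_sh, y_sh):
    """Multiply two shared values with a Beaver triple (u, v, w = u*v).
    The triple comes from a trusted dealer here (assumption of this example)."""
    u, v = secrets.randbelow(MOD), secrets.randbelow(MOD)
    u_sh, v_sh, w_sh = share(u), share(v), share(u * v % MOD)
    # Each party publishes its share of e = x - u and f = y - v; both values are
    # uniformly masked, so opening them reveals nothing about x or y.
    e = (x_sh[0] - u_sh[0] + x_sh[1] - u_sh[1]) % MOD
    f = (y_sh[0] - v_sh[0] + y_sh[1] - v_sh[1]) % MOD
    z_a = (f * u_sh[0] + e * v_sh[0] + w_sh[0]) % MOD
    z_b = (e * f + f * u_sh[1] + e * v_sh[1] + w_sh[1]) % MOD
    return z_a, z_b


def private_compare(x0_sh, x1_sh):
    """Steps (1.1)-(1.3). Inputs are (P_A share, P_B share) pairs of x0 and x1.
    Returns (<res>_A, <res>_B); their XOR is 1 exactly when x0 > x1 (for x0 != x1)."""
    xa = (x0_sh[0], x1_sh[0])          # what P_A holds
    xb = (x0_sh[1], x1_sh[1])          # what P_B holds

    # (1.1) P_A masks both candidate differences with r; P_B picks one via OT.
    r = secrets.randbelow(MOD)
    y = ((xa[0] - xa[1] - r) % MOD, (xa[1] - xa[0] - r) % MOD)
    c = secrets.randbelow(2)
    y_c = ideal_ot(y, c)
    dx_a = r                                        # <dx>_A
    dx_b = (y_c + xb[c] - xb[1 - c]) % MOD          # <dx>_B = (x_c - x_{1-c}) - r

    # (1.2) z = a*dx + b on shares, then P_B sends <z>_B and P_A reconstructs z.
    a_a, b_a = local_masks()
    a_b, b_b = local_masks()
    p_a, p_b = beaver_mul((a_a, a_b), (dx_a, dx_b))
    z = to_signed((p_a + b_a + p_b + b_b) % MOD)

    # (1.3) P_A outputs the sign of z, P_B outputs its choice bit c.
    # If x0 == x1 then z = b, so the sign reflects only the random mask.
    return (1 if z > 0 else 0), c


if __name__ == "__main__":
    for x0, x1 in [(700, 450), (450, 700)]:         # constructed sample bids
        res_a, res_b = private_compare(share(x0), share(x1))
        print(x0, x1, "shares:", res_a, res_b, "-> x0 > x1:", bool(res_a ^ res_b))
```

Neither output bit alone determines the result: `res_b` is the uniformly random choice bit, and `res_a` is the sign of a difference whose direction only P_B knows.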
Example 2
Compared with Example 1, in a scenario where the comparison result is disclosed to at least one party, the two-party secret sharing data privacy comparison method based on the efficient ciphertext confusion technology does not need the data confusion process of step (1.1). Instead, it performs order-preserving encryption directly and reveals the value of $z$ to the one or two parties that need to know the comparison result, so that they obtain the comparison result.
In an auction, because the transaction price must be kept secret, the organizer performs privacy comparison of the prices through two trusted third-party servers $P_A$ and $P_B$. When the bids of two bidders need to be compared in secret, each bidder locally splits its price into two secret sharing values and sends them to the two servers respectively. The servers use the secret sharing values to compute which bidder has the higher bid, and during bidding the servers publish the comparison result of each bid. The servers compute using the following method, whose flow is shown in Fig. 2, including:
(2.1) For the secret sharing values $\langle x_0\rangle_i, \langle x_1\rangle_i$, $i \in \{A, B\}$, that it holds and that are to be privately compared, party $P_i$ encrypts their difference using a secret sharing-based order-preserving encryption technology;
Specifically, in this embodiment, $x_0$ and $x_1$ are the bids held by the two bidders. The two bidders send the split secret sharing values $\langle x_0\rangle_A$ and $\langle x_1\rangle_A$ to $P_A$, and the secret sharing values $\langle x_0\rangle_B$ and $\langle x_1\rangle_B$ to $P_B$. $P_A$ locally generates $(l-t-1)$-bit random numbers $\langle a\rangle_A, \langle b\rangle_A$ satisfying $-\langle a\rangle_A < \langle b\rangle_A < \langle a\rangle_A$, and sets the confusion difference $\langle \Delta x\rangle_A = \langle x_0\rangle_A - \langle x_1\rangle_A$; at the same time, $P_B$ locally generates $(l-t-1)$-bit random numbers $\langle a\rangle_B, \langle b\rangle_B$ satisfying $-\langle a\rangle_B < \langle b\rangle_B < \langle a\rangle_B$, and sets the confusion difference $\langle \Delta x\rangle_B = \langle x_0\rangle_B - \langle x_1\rangle_B$.
The two parties then calculate the product of $\langle \Delta x\rangle$ and $\langle a\rangle$ using secret sharing multiplication based on the Beaver triplet, and further calculate the secret sharing order-preserving encryption values of the confusion difference, $\langle z\rangle_A = \langle a \cdot \Delta x\rangle_A + \langle b\rangle_A$ and $\langle z\rangle_B = \langle a \cdot \Delta x\rangle_B + \langle b\rangle_B$.
(2.2) For the party that needs to know the comparison result, calculating the sum of the order-preserving encrypted difference values, thereby obtaining the comparison result.
Specifically, the party that needs to know the comparison result locally restores the order-preserving encryption value $z = \langle z\rangle_A + \langle z\rangle_B$ of the confusion difference and obtains the magnitude relation of $x_0, x_1$ from the sign of $z$: if $z > 0$, let $res = 1$, indicating $x_0 > x_1$; otherwise let $res = 0$, indicating $x_0 \le x_1$.
In a scenario where the transaction price is kept secret, the method performs efficient privacy comparison on each bid, so that the two parties can quickly obtain the comparison result of each bid without learning the bids. This improves the comparison speed and reduces the communication required for comparison while satisfying the requirement that the auction price be kept secret.
Example 3
The application also provides a three-party secret sharing data privacy comparison method based on the efficient ciphertext confusion technology, in which three-party secret sharing can be converted into two-party secret sharing: $P_C$ splits the difference it holds into two random numbers satisfying $\langle y\rangle_A + \langle y\rangle_B = \langle x_0 - x_1\rangle_C$ and sends them to $P_A$ and $P_B$ respectively. $P_A$ and $P_B$ then jointly negotiate a random number $e \in \{0,1\}$ of the confusion difference and confuse the difference; after two-party order-preserving encryption, the shares $\langle z\rangle_A, \langle z\rangle_B$ are sent to $P_C$ to be revealed and compared; finally the secret shares $e$ and $s$ of the comparison result are obtained, and the real comparison result is satisfied
In an on-site auction, because the transaction price must be kept secret, the organizer performs a faster privacy comparison of the prices through three trusted third-party servers $P_A$, $P_B$, $P_C$. Each bidder locally splits its price and identity number into two secret sharing values and then sends them to the three servers. The servers obtain a secret sharing value of the comparison result through the privacy comparison protocol without disclosing the result, and use it together with the secret sharing values of the two bidders' prices and identity numbers to calculate and retain the secret sharing values of the price and identity number of the higher bidder. After this process has been repeated over multiple comparisons, the retained identity number is finally disclosed, that is, the identity of the bidder with the highest bid who wins the auction. As shown in Fig. 3, the method may include the following steps:
(3.1) For the secret sharing values $\langle x_0\rangle_i, \langle x_1\rangle_i$, $i \in \{A, B, C\}$, held by party $P_i$ and to be privately compared, $P_C$ splits the difference of the secret sharing values it holds into two random numbers satisfying $\langle y\rangle_A + \langle y\rangle_B = \langle x_0 - x_1\rangle_C$ and sends them to $P_A$ and $P_B$ respectively; $P_A$ and $P_B$ jointly negotiate a random number $e \in \{0,1\}$ of the confusion difference so as to carry out difference confusion;
Specifically, $x_0$ and $x_1$ are the bids held by the two bidders. The two bidders send the split secret sharing values $\langle x_0\rangle_A$ and $\langle x_1\rangle_A$ to $P_A$, the secret sharing values $\langle x_0\rangle_B$ and $\langle x_1\rangle_B$ to $P_B$, and the secret sharing values $\langle x_0\rangle_C$ and $\langle x_1\rangle_C$ to $P_C$. $P_A$ locally generates random numbers $\langle a\rangle_A, \langle b\rangle_A$ of length $(l-t-1)$ bits satisfying $-\langle a\rangle_A < \langle b\rangle_A < \langle a\rangle_A$; $P_B$ locally generates $(l-t-1)$-bit random numbers $\langle a\rangle_B, \langle b\rangle_B$ satisfying $-\langle a\rangle_B < \langle b\rangle_B < \langle a\rangle_B$; $P_A$ and $P_B$ jointly negotiate a random number $e \in \{0,1\}$; $P_C$ generates a random number $r$ of length $l$ bits, calculates $\langle y\rangle_A = r$ and sends it to $P_A$, and calculates $\langle y\rangle_B = (\langle x_0\rangle_C - \langle x_1\rangle_C) - r$ and sends it to $P_B$. If $e = 0$, $P_A$ sets the confusion difference $\langle \Delta x\rangle_A = \langle x_0\rangle_A - \langle x_1\rangle_A + \langle y\rangle_A$ and $P_B$ sets the confusion difference $\langle \Delta x\rangle_B = \langle x_0\rangle_B - \langle x_1\rangle_B + \langle y\rangle_B$; if $e = 1$, $P_A$ sets the confusion difference $\langle \Delta x\rangle_A = \langle x_1\rangle_A - \langle x_0\rangle_A - \langle y\rangle_A$ and $P_B$ sets the confusion difference $\langle \Delta x\rangle_B = \langle x_1\rangle_B - \langle x_0\rangle_B - \langle y\rangle_B$. That is, $\langle \Delta x\rangle_A = \langle x_e - x_{1-e}\rangle_A$, $\langle \Delta x\rangle_B = \langle x_e - x_{1-e}\rangle_B$, and $\langle \Delta x\rangle_A + \langle \Delta x\rangle_B = x_e - x_{1-e}$.
(3.2) Based on the received random number $\langle y\rangle_A$ or $\langle y\rangle_B$, $P_A$ and $P_B$ respectively encrypt the difference using a secret sharing-based order-preserving encryption technology, and $P_C$ obtains a Boolean sharing share of the privacy comparison result from the sum of the order-preserving encrypted differences of $P_A$ and $P_B$;
Specifically, $P_A$ and $P_B$ calculate the product of $\langle \Delta x\rangle$ and $\langle a\rangle$ using secret sharing multiplication based on the Beaver triplet, and further calculate the secret sharing order-preserving encryption values of the confusion difference, $\langle z\rangle_A = \langle a \cdot \Delta x\rangle_A + \langle b\rangle_A$ and $\langle z\rangle_B = \langle a \cdot \Delta x\rangle_B + \langle b\rangle_B$. $P_C$ calculates $z = \langle z\rangle_A + \langle z\rangle_B$ and obtains the magnitude relation of $x_e, x_{1-e}$ after confusion from the sign of $z$: if $z > 0$, then $s = 1$, indicating $x_e > x_{1-e}$; otherwise $s = 0$, indicating $x_e < x_{1-e}$. $s$ is taken as the Boolean sharing share of the privacy comparison result at the $P_C$ end.
(3.3) $P_A$ and $P_B$ output the random number $e$ as the Boolean sharing share of the privacy comparison result;
Specifically, $e$ is used to control the value of $\Delta x$: if $e = 0$, $\Delta x = x_0 - x_1$; if $e = 1$, $\Delta x = x_1 - x_0$.
In a scenario where the transaction price is kept secret and only the identity of the highest bidder is published, the method performs efficient privacy comparison between each bid and the current highest price, so that all bidders can quickly learn the identity of the highest bidder without learning the bids. The protocol improves the comparison speed and reduces the communication required for comparison while satisfying the auction's privacy protection conditions, and further improves the comparison speed compared with the two-server case.
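The two-server flow of Example 2 and the three-server flow of Example 3 can be simulated in one process as below; this is an added illustration, not code from the patent. Assumptions: the toy parameters l = 64 and t = 16, the signed reading of ring elements, the in-process Beaver triplet dealer, the restriction of bids to below 2^(t-1), and all function names; combining the shares as e XOR s follows from the e = 0 and e = 1 cases of step (3.3) for distinct bids.

```python
import secrets

L, T = 64, 16                  # share width l and plaintext width t (toy values, assumed)
MOD = 1 << L                   # shares live in Z_{2^l}
BID_LIMIT = 1 << (T - 1)       # assumed headroom: keeps |z| < 2^(l-1) so the sign cannot wrap

def share(x, n):
    """Split x into n additive shares over Z_{2^l}."""
    parts = [secrets.randbelow(MOD) for _ in range(n - 1)]
    return parts + [(x - sum(parts)) % MOD]

def signed(v):
    """Assumed decoding: read a ring element as an integer in [-2^(l-1), 2^(l-1))."""
    return v - MOD if v >= MOD // 2 else v

def mask_shares():
    """One server's local <a>_i, <b>_i: (l-t-1)-bit values with -<a>_i < <b>_i < <a>_i."""
    a = secrets.randbelow((1 << (L - T - 1)) - 1) + 1
    b = secrets.randbelow(2 * a - 1) - (a - 1)
    return a, b

def beaver_mul(p, q):
    """Two-party product of shared p and q; the triplet comes from a simulated dealer."""
    u, v = secrets.randbelow(MOD), secrets.randbelow(MOD)
    us, vs, ws = share(u, 2), share(v, 2), share(u * v % MOD, 2)
    d = sum(p[i] - us[i] for i in range(2)) % MOD    # opened value p - u
    f = sum(q[i] - vs[i] for i in range(2)) % MOD    # opened value q - v
    out = [(ws[i] + d * vs[i] + f * us[i]) % MOD for i in range(2)]
    out[0] = (out[0] + d * f) % MOD                  # public d*f is added by one party only
    return out

def ope_open(dx):
    """P_A and P_B compute <z>_i = <a*dx>_i + <b>_i; the opened z is returned signed.
    With dx = 0 the formula gives z = b, so the callers below are tested on distinct bids."""
    (a_A, b_A), (a_B, b_B) = mask_shares(), mask_shares()
    prod = beaver_mul([a_A, a_B], dx)
    return signed((prod[0] + b_A + prod[1] + b_B) % MOD)

def check(x0, x1):
    """Reject bids outside the range for which this example's sign decoding is safe."""
    if not (0 <= x0 < BID_LIMIT and 0 <= x1 < BID_LIMIT):
        raise ValueError("bid outside the range this example supports")

def compare_two_party(x0, x1):
    """Example 2: z is opened to the party that needs the result; res = 1 iff z > 0."""
    check(x0, x1)
    s0, s1 = share(x0, 2), share(x1, 2)              # bidders split their bids
    dx = [(s0[i] - s1[i]) % MOD for i in range(2)]   # <dx>_i = <x0>_i - <x1>_i
    return 1 if ope_open(dx) > 0 else 0

def compare_three_party(x0, x1):
    """Example 3: returns (e, s); P_A and P_B hold e, P_C holds s and never sees e."""
    check(x0, x1)
    s0, s1 = share(x0, 3), share(x1, 3)
    r = secrets.randbelow(MOD)                       # P_C re-shares its own difference
    y = [r, (s0[2] - s1[2] - r) % MOD]               # <y>_A = r, <y>_B = (<x0>_C - <x1>_C) - r
    e = secrets.randbelow(2)                         # bit negotiated by P_A and P_B
    sgn = -1 if e else 1                             # e = 1 swaps the roles of x0 and x1
    dx = [sgn * (s0[i] - s1[i] + y[i]) % MOD for i in range(2)]
    s = 1 if ope_open(dx) > 0 else 0                 # computed by P_C from the opened z
    return e, s

if __name__ == "__main__":
    bids = (1200, 950)                               # constructed sample bids
    print("two-party res:", compare_two_party(*bids))
    e, s = compare_three_party(*bids)
    print("three-party shares e, s:", e, s, "-> e XOR s =", e ^ s)
```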
In the comparison scheme of ABY, ABY2.0, for a length ofSecret sharing value of (a), needThe magnitude of the communication turns and OT calculation also causes the problem of excessive traffic. The following table lists traffic of different schemes in the offline phase, traffic in the online phase, and traffic rounds, where λ is the security factor.
The application replaces the conversion between arithmetic secret sharing and Boolean secret sharing used in traditional schemes with an order-preserving encryption technology based on secret sharing multiplication, so that its overhead in the offline stage is mainly the Beaver triplets required for calculating the secret sharing multiplication, and the online stage requires only 1 round of OT value transmission and 1 round of transmission for the secret sharing multiplication. As shown in Table 2, the present application is superior to the existing schemes in both online-stage traffic and the number of communication rounds.
Table 2 traffic volume and traffic round comparison table
The above schemes cannot be optimized for scenarios with specific requirements. For example, current privacy comparison protocols treat the two scenarios of protecting and disclosing the comparison result identically, and cannot be improved and optimized for the scenario in which the comparison result is disclosed. Using the scheme of Example 2, the present application makes a privacy comparison that requires disclosure of the comparison result need less communication overhead and fewer communication rounds.
Correspondingly, the application also provides an electronic device, comprising: one or more processors; a memory for storing one or more programs; the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the multi-party secret sharing data privacy comparison method based on the efficient ciphertext confusion technology as described above. Fig. 4 shows a hardware structure diagram of any device with data processing capability in which the electronic device is located; in addition to the processor, the memory and the network interface shown in Fig. 4, the device with data processing capability in the embodiment may include other hardware according to its actual function, which is not described herein.
Correspondingly, the application also provides a computer readable storage medium on which computer instructions are stored; when executed by a processor, the instructions implement the multiparty secret sharing data privacy comparison method based on the efficient ciphertext confusion technology. The computer readable storage medium may be an internal storage unit, such as a hard disk or a memory, of any of the devices with data processing capability described in any of the previous embodiments. The computer readable storage medium may also be an external storage device provided on the device, such as a plug-in hard disk, a Smart Media Card (SMC), an SD card, a flash card, etc. Further, the computer readable storage medium may include both internal storage units and external storage devices of any device with data processing capability. The computer readable storage medium is used for storing the computer program and other programs and data required by the device with data processing capability, and may also be used for temporarily storing data that has been output or is to be output.
Other embodiments of the application will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains.
It is to be understood that the application is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof.

Claims (7)

1. A method for comparing privacy of secret sharing data of two parties based on an efficient ciphertext confusion technology is characterized by comprising the following steps:
For the secret sharing values $\langle x_0\rangle_i, \langle x_1\rangle_i$ that it holds and that are to be privately compared, party $P_i$ carries out confusion processing on the difference of the two secret sharing values through an oblivious transfer protocol;
encrypting the difference value by using a secret sharing-based order-preserving encryption technology, and enabling a party with the confused difference value to obtain a sign bit of an encrypted value;
the sign bit of the order-preserving encryption value and the difference value confusion value are used as Boolean sharing shares of privacy comparison results to be output;
Wherein, when the number of participants is equal to 2, $P_i$ holds $\langle x_0\rangle_i, \langle x_1\rangle_i$, $i \in \{A, B\}$, where the plaintext interval of $x_0, x_1$ is $[0, 2^t]$ and the ciphertext interval of $\langle x_0\rangle_i, \langle x_1\rangle_i$ is $[0, 2^l]$,
When the number of participants is equal to 2, encrypting the difference value by using a secret sharing-based order-preserving encryption technology, and enabling the party with the confused difference value to obtain a sign bit of the encrypted value, comprises the following steps:
$P_A$ locally generates $(l-t-1)$-bit random numbers $\langle a\rangle_A, \langle b\rangle_A$ satisfying $-\langle a\rangle_A < \langle b\rangle_A < \langle a\rangle_A$, and sets the confusion difference $\langle \Delta x\rangle_A = r$; $P_B$ locally generates $(l-t-1)$-bit random numbers $\langle a\rangle_B, \langle b\rangle_B$ satisfying $-\langle a\rangle_B < \langle b\rangle_B < \langle a\rangle_B$, and sets the confusion difference $\langle \Delta x\rangle_B = y_c + (\langle x_c\rangle_B - \langle x_{1-c}\rangle_B) = (x_c - x_{1-c}) - r$;
$P_A$ and $P_B$ calculate the product of $\langle \Delta x\rangle$ and $\langle a\rangle$ using secret sharing multiplication based on a Beaver triplet, and further calculate the secret sharing order-preserving encryption values of the confusion difference, $\langle z\rangle_A = \langle a \cdot \Delta x\rangle_A + \langle b\rangle_A$ and $\langle z\rangle_B = \langle a \cdot \Delta x\rangle_B + \langle b\rangle_B$;
$P_B$ sends the share $\langle z\rangle_B$ to $P_A$, and $P_A$ locally restores the order-preserving encryption value $z = \langle z\rangle_A + \langle z\rangle_B$ of the confusion difference;
$P_A$ determines the sign of $z$ to obtain the magnitude relation of $x_c, x_{1-c}$ after confusion: if $z > 0$, $\langle res\rangle_A = 1$; otherwise, $\langle res\rangle_A = 0$.
2. The method according to claim 1, wherein when the number of participants is equal to 2, the participant $P_i$ carrying out confusion processing, through an oblivious transfer protocol, on the difference of the two secret sharing values $\langle x_0\rangle_i, \langle x_1\rangle_i$ that it holds and that are to be privately compared comprises:
$P_A$ generates a random number $r$ with a length of $l$ bits and calculates $y_0 = (\langle x_0\rangle_A - \langle x_1\rangle_A) - r$ and $y_1 = (\langle x_1\rangle_A - \langle x_0\rangle_A) - r$ as the two inputs of the OT protocol;
$P_B$ generates a random number $c$, $c \in \{0, 1\}$, and uses $c$ as its input to the OT protocol to choose the $c$-th of the two values provided by $P_A$, i.e., $y_c = (\langle x_c\rangle_A - \langle x_{1-c}\rangle_A) - r$.
3. The method of claim 1, wherein outputting the sign bit of the order-preserving encrypted value and the difference confusion value as boolean shares of the privacy comparison result comprises:
$P_A$ takes the Boolean share $\langle res\rangle_A$ of the privacy comparison result as output, and $P_B$ takes the Boolean share $\langle res\rangle_B = c$ of the privacy comparison result as output, and satisfies the final comparison result If $res = 1$, this indicates $x_0 > x_1$, whereas $res = 0$ indicates $x_0 \le x_1$.
4. A method for comparing privacy of secret sharing data of two parties based on an efficient ciphertext confusion technology is characterized by comprising the following steps:
The party $P_i$ encrypts the secret sharing values $\langle x_0\rangle_i, \langle x_1\rangle_i$ to be subjected to privacy comparison by using a secret sharing-based order-preserving encryption technology;
Calculating the sum of the difference values of the order-preserving encryption for the participants needing to know the comparison result, thereby obtaining the comparison result;
Wherein $P_i$ holds $\langle x_0\rangle_i, \langle x_1\rangle_i$, $i \in \{A, B\}$, where the plaintext interval of $x_0, x_1$ is $[0, 2^t]$ and the ciphertext interval of $\langle x_0\rangle_i, \langle x_1\rangle_i$ is $[0, 2^l]$,
The party $P_i$ encrypting, by using a secret sharing-based order-preserving encryption technology, the difference of the two secret sharing values $\langle x_0\rangle_i, \langle x_1\rangle_i$ that it holds and that are to be privately compared comprises the following steps:
$P_A$ locally generates $(l-t-1)$-bit random numbers $\langle a\rangle_A, \langle b\rangle_A$ satisfying $-\langle a\rangle_A < \langle b\rangle_A < \langle a\rangle_A$, and sets the confusion difference $\langle \Delta x\rangle_A = \langle x_0\rangle_A - \langle x_1\rangle_A$; $P_B$ locally generates $(l-t-1)$-bit random numbers $\langle a\rangle_B, \langle b\rangle_B$ satisfying $-\langle a\rangle_B < \langle b\rangle_B < \langle a\rangle_B$, and sets the confusion difference $\langle \Delta x\rangle_B = \langle x_0\rangle_B - \langle x_1\rangle_B$;
Both parties calculate the product of $\langle \Delta x\rangle$ and $\langle a\rangle$ using secret sharing multiplication based on the Beaver triplet, and further calculate the secret sharing order-preserving encryption values of the confusion difference, $\langle z\rangle_A = \langle a \cdot \Delta x\rangle_A + \langle b\rangle_A$ and $\langle z\rangle_B = \langle a \cdot \Delta x\rangle_B + \langle b\rangle_B$.
5. A three-party secret sharing data privacy comparison method based on a high-efficiency ciphertext confusion technology is characterized by comprising the following steps:
For the secret sharing values $\langle x_0\rangle_i, \langle x_1\rangle_i$, $i \in \{A, B, C\}$, held by a party $P_i$ and to be privately compared, $P_C$ splits the difference of the secret sharing values it holds into two random numbers $\langle y\rangle_A$, $\langle y\rangle_B$ and sends them to $P_A$ and $P_B$ respectively, and $P_A$ and $P_B$ jointly negotiate a random number $e \in \{0,1\}$ of the confusion difference to carry out difference confusion;
Based on the received random number $\langle y\rangle_A$ or $\langle y\rangle_B$, $P_A$ and $P_B$ respectively encrypt the difference by using a secret sharing-based order-preserving encryption technology, and $P_C$ obtains a Boolean sharing share of the privacy comparison result from the sum of the differences obtained after the order-preserving encryption of $P_A$ and $P_B$;
$P_A$ and $P_B$ output the random number $e$ as the Boolean sharing share of the privacy comparison result;
Wherein, for the secret sharing values $\langle x_0\rangle_i, \langle x_1\rangle_i$, $i \in \{A, B, C\}$, held by the party $P_i$ and to be privately compared, where the plaintext interval of $x_0, x_1$ is $[0, 2^t]$ and the ciphertext interval of $\langle x_0\rangle_i, \langle x_1\rangle_i$ is $[0, 2^l]$, $P_C$ splitting the difference of the secret sharing values it holds into two random numbers satisfying $\langle y\rangle_A + \langle y\rangle_B = \langle x_0 - x_1\rangle_C$ and sending them to $P_A$ and $P_B$ respectively, and $P_A$ and $P_B$ jointly negotiating a random number $e \in \{0,1\}$ of the confusion difference to carry out difference confusion, comprises the following steps:
$P_A$ locally generates random numbers $\langle a\rangle_A, \langle b\rangle_A$ with a length of $(l-t-1)$ bits satisfying $-\langle a\rangle_A < \langle b\rangle_A < \langle a\rangle_A$, and $P_B$ locally generates random numbers $\langle a\rangle_B, \langle b\rangle_B$ with a length of $(l-t-1)$ bits satisfying $-\langle a\rangle_B < \langle b\rangle_B < \langle a\rangle_B$;
$P_A$ and $P_B$ jointly negotiate a random number $e \in \{0,1\}$ of the confusion difference;
$P_C$ generates a random number $r$ of length $l$ bits, calculates $\langle y\rangle_A = r$ and sends it to $P_A$, and calculates $\langle y\rangle_B = (\langle x_0\rangle_C - \langle x_1\rangle_C) - r$ and sends it to $P_B$;
If $e = 0$, $P_A$ sets the confusion difference $\langle \Delta x\rangle_A = \langle x_0\rangle_A - \langle x_1\rangle_A + \langle y\rangle_A$ and $P_B$ sets the confusion difference $\langle \Delta x\rangle_B = \langle x_0\rangle_B - \langle x_1\rangle_B + \langle y\rangle_B$; if $e = 1$, $P_A$ sets the confusion difference $\langle \Delta x\rangle_A = \langle x_1\rangle_A - \langle x_0\rangle_A - \langle y\rangle_A$ and $P_B$ sets the confusion difference $\langle \Delta x\rangle_B = \langle x_1\rangle_B - \langle x_0\rangle_B - \langle y\rangle_B$.
6. An electronic device, comprising:
One or more processors;
A memory for storing one or more programs;
The one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-5.
7. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the steps of the method according to any of claims 1-5.
CN202310937722.9A 2023-07-28 2023-07-28 Multiparty secret sharing data privacy comparison method based on efficient ciphertext confusion technology Active CN116743376B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310937722.9A CN116743376B (en) 2023-07-28 2023-07-28 Multiparty secret sharing data privacy comparison method based on efficient ciphertext confusion technology

Publications (2)

Publication Number Publication Date
CN116743376A CN116743376A (en) 2023-09-12
CN116743376B true CN116743376B (en) 2024-08-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant