CN117056978A - Security union checking method based on arithmetic sharing and operation method thereof - Google Patents

Publication number
CN117056978A
Authority
CN
China
Prior art keywords
algorithm
union
security
list
searching
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311111312.5A
Other languages
Chinese (zh)
Inventor
程珂
王靖淇
付家瑄
范若璐
宋安霄
张志为
祝幸辉
沈玉龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

Embodiments of the invention provide a secure union-find (disjoint-set) method based on arithmetic sharing and an operation method thereof, applied in the technical field of secure multiparty computation. The operation method comprises the following steps: generating a secure union-find initialization algorithm based on arithmetic sharing, and initializing the union-find structure with it; generating a secure union-find find algorithm from the secure list index algorithm, the secure list query algorithm and the secure list update algorithm, and performing the find operation with it; and generating a secure union-find union algorithm from the secure union-find find algorithm, the secure list index algorithm and the secure comparison protocol, and merging the sets with it. In this way, higher computational efficiency can be provided while protecting the privacy of user data.

Description

Secure union-find (disjoint-set) method based on arithmetic sharing and operation method thereof
Technical Field
The invention relates to the technical field of secure multiparty computation, and in particular to a secure union-find (disjoint-set) method based on arithmetic sharing and an operation method thereof.
Background
The union-find set (disjoint-set) is an efficient data structure generally used for problems such as merging and grouping. Its core idea is to divide elements into a number of disjoint sets, so that whether two elements belong to the same set can be determined quickly and two different sets can be merged quickly. In real application scenarios, a large amount of user data is stored and processed using the union-find data structure; however, that user data may include sensitive information such as medical information, trajectory information and family information. As users' demand for privacy protection grows, a secure union-find operation method needs to be designed.
Secure multiparty computation offers a feasible way to solve this problem. Existing secure union-find operation methods use the secret-sharing-based operations provided by general ciphertext computation libraries such as ABY to implement the initialization, find and union operations. However, they cannot protect the data access pattern: whether different elements belong to the same set can still be determined from the data access pattern. These methods suffer from high performance cost, low operation precision, no support for parallel computation, and no resistance to access pattern attacks.
Disclosure of Invention
In view of the above, the present invention provides a secure union-find method based on arithmetic sharing and an operation method thereof.
According to the first aspect of the invention, a secure union-find method based on arithmetic sharing is provided, applied to dual-cloud outsourced servers. The method comprises the following algorithms:
a secure union-find initialization algorithm based on arithmetic sharing;
a secure union-find find algorithm generated from the secure list index algorithm, the secure list query algorithm and the secure list update algorithm;
and a secure union-find union algorithm generated from the secure union-find find algorithm, the secure list index algorithm and the secure comparison protocol.
According to a second aspect of the invention, an operation method of the secure union-find method based on arithmetic sharing is provided, applied to dual-cloud outsourced servers. The operation method comprises the following steps:
generating a secure union-find initialization algorithm based on arithmetic sharing, and initializing the union-find structure using the secure union-find initialization algorithm;
generating a secure union-find find algorithm from the secure list index algorithm, the secure list query algorithm and the secure list update algorithm, and performing the find operation using the secure union-find find algorithm;
and generating a secure union-find union algorithm from the secure union-find find algorithm, the secure list index algorithm and the secure comparison protocol, and merging the sets using the secure union-find union algorithm.
In some implementations of the second aspect, generating a secure union-find initialization algorithm based on arithmetic sharing and initializing the union-find structure using it includes:
encrypting the N multi-element lists by arithmetic secret sharing to generate 2N secret-shared lists;
and assigning the corresponding parent nodes and ranks to the secret-shared lists, completing the initialization of the union-find structure.
In some implementations of the second aspect, generating the secure union-find find algorithm from the secure list index algorithm, the secure list query algorithm and the secure list update algorithm includes:
generating an initial secure union-find find algorithm from the secure list index algorithm;
and generating the final secure union-find find algorithm from the initial secure union-find find algorithm, the secure list query algorithm and the secure list update algorithm.
In some implementations of the second aspect, performing the find operation using the secure union-find find algorithm includes:
obtaining the index of the parent node using the secure list index algorithm;
obtaining the shared mask of the parent node using the secure list query algorithm, according to the index and the auxiliary index of the parent node;
executing the initial secure union-find find algorithm in a loop, calling the secure list query algorithm and the secure list update algorithm in each iteration, until the number of iterations reaches a preset threshold, to obtain the root node corresponding to the parent node;
executing the secure list update algorithm in a loop until the number of iterations reaches a preset threshold, and outputting the shared mask and the shared value of the root node corresponding to the parent node, completing the find operation; wherein the shared mask is used to hide the data access pattern.
In some implementations of the second aspect, generating the secure union-find union algorithm from the secure union-find find algorithm, the secure list index algorithm and the secure comparison protocol includes:
combining the secure union-find find algorithm, the secure list index algorithm and the secure comparison protocol to generate the secure union-find union algorithm; wherein,
the secure union-find find algorithm is used to find the mask of a given element and its corresponding root element; the mask is used to hide the data access pattern;
the secure list index algorithm is used to obtain the rank of the corresponding root element;
the secure comparison protocol is used to obtain the state indicating variables.
In some implementations of the second aspect, merging the sets using the secure union-find union algorithm includes:
finding the mask of each given element and its corresponding root element using the secure union-find find algorithm;
obtaining the rank of the corresponding root element using the secure list index algorithm, according to the mask of each given element;
obtaining the state indicating variables using the secure comparison protocol, according to the root element of each given element and the rank of the root element;
generating auxiliary variables from the state indicating variables;
and updating the parent node and the rank of each given element according to the auxiliary variables, completing the merge.
In some implementations of the second aspect, obtaining the state indicating variables using the secure comparison protocol according to the root element of each given element and the rank of the root element includes:
obtaining a first state indicating variable of each given element using the secure comparison protocol, according to the root element of each given element;
and obtaining a second state indicating variable and a third state indicating variable of each given element using the secure comparison protocol, according to the rank of the root element.
In some implementations of the second aspect, generating the auxiliary variables from the state indicating variables includes:
generating a first auxiliary variable using the first state indicating variable and the second state indicating variable, according to the root element of each given element;
generating a second auxiliary variable using the first state indicating variable and the second state indicating variable, according to the mask of each given element;
generating a third auxiliary variable from the first, second and third state indicating variables.
In some implementations of the second aspect, updating the parent node and rank of each given element according to the auxiliary variables, completing the merge, includes:
obtaining a first update value, a second update value and a third update value from, respectively, the product of the first auxiliary variable and the first state indicating variable, the product of the second auxiliary variable and the first state indicating variable, and the product of the third auxiliary variable and the first state indicating variable;
and selecting the maximum update value, and taking the parent node and rank corresponding to the maximum update value as the new parent node and rank of the set to which each given element belongs, completing the merge.
In the invention, the data structure and operations of the union-find set are optimized so that private information in the data structure is not leaked through the data access pattern, and higher computational efficiency is provided while the privacy of user data is protected.
It should be understood that the description in this summary is not intended to identify key or essential features of the embodiments of the invention, nor is it intended to limit the scope of the invention. Other features of the present invention will become apparent from the description that follows.
Drawings
The above and other features, advantages and aspects of embodiments of the present invention will become more apparent by reference to the following detailed description when taken in conjunction with the accompanying drawings. For a better understanding of the present invention, and without limiting the invention thereto, the same or similar reference numbers indicate the same or similar elements, wherein:
FIG. 1 is a schematic diagram of a secure union-find method based on arithmetic sharing according to an embodiment of the present invention;
FIG. 2 is a flowchart of an operation method of a secure union-find method based on arithmetic sharing according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In addition, the term "and/or" herein merely describes an association between associated objects and means that three relationships may exist; for example, A and/or B may mean: A exists alone, A and B exist together, or B exists alone. In addition, the character "/" herein generally indicates an "or" relationship between the objects before and after it.
To address the problems described in the background, the invention provides a secure union-find method based on arithmetic sharing and an operation method thereof.
Specifically, the method includes: a secure union-find initialization algorithm based on arithmetic sharing; a secure union-find find algorithm generated from the secure list index algorithm, the secure list query algorithm and the secure list update algorithm; and a secure union-find union algorithm generated from the secure union-find find algorithm, the secure list index algorithm and the secure comparison protocol. The operation method comprises the following steps: generating a secure union-find initialization algorithm based on arithmetic sharing, and initializing the union-find structure using it; generating a secure union-find find algorithm from the secure list index algorithm, the secure list query algorithm and the secure list update algorithm, and performing the find operation using it; and generating a secure union-find union algorithm from the secure union-find find algorithm, the secure list index algorithm and the secure comparison protocol, and merging the sets using it.
In this way, operations such as initialization, find and union can be performed efficiently on the union-find structure while protecting data privacy; operation precision is high, parallel computation is supported, and the access pattern can be hidden.
The secure union-find method based on arithmetic sharing and its operation method provided by the invention are described more specifically below with reference to the accompanying drawings and specific embodiments.
FIG. 1 is a schematic diagram of a secure union-find method based on arithmetic sharing according to an embodiment of the present invention; as shown in FIG. 1, a secure union-find method 100 based on arithmetic sharing may include:
a secure union-find initialization algorithm 110 based on arithmetic sharing;
a secure union-find find algorithm 120 generated from the secure list index algorithm, the secure list query algorithm and the secure list update algorithm;
a secure union-find union algorithm 130 generated from the secure union-find find algorithm, the secure list index algorithm and the secure comparison protocol.
FIG. 2 is a flowchart of an operation method of a secure union-find method based on arithmetic sharing according to an embodiment of the present invention; as shown in FIG. 2, an operation method 200 of the secure union-find method based on arithmetic sharing may include:
S210, generating a secure union-find initialization algorithm based on arithmetic sharing, and initializing the union-find structure using the secure union-find initialization algorithm.
Specifically, the N multi-element lists are encrypted by arithmetic secret sharing to generate 2N secret-shared lists; the corresponding parent nodes and ranks are assigned to the secret-shared lists, completing the initialization of the union-find structure.
S220, generating a secure union-find find algorithm from the secure list index algorithm, the secure list query algorithm and the secure list update algorithm, and performing the find operation using the secure union-find find algorithm.
Specifically, an initial secure union-find find algorithm is generated from the secure list index algorithm; the final secure union-find find algorithm is generated from the initial secure union-find find algorithm, the secure list query algorithm and the secure list update algorithm, and the find operation is performed using the secure union-find find algorithm.
Further, performing the find operation using the secure union-find find algorithm may include:
obtaining the index of the parent node using the secure list index algorithm;
obtaining the shared mask of the parent node using the secure list query algorithm, according to the index and the auxiliary index of the parent node;
executing the initial secure union-find find algorithm in a loop, calling the secure list query algorithm and the secure list update algorithm in each iteration, until the number of iterations reaches a preset threshold, to obtain the root node corresponding to the parent node;
executing the secure list update algorithm in a loop until the number of iterations reaches a preset threshold, and outputting the shared mask and the shared value of the root node corresponding to the parent node, completing the find operation; wherein the proposed shared mask is used to hide the data access pattern when the algorithm is executed.
S230, generating a secure union-find union algorithm from the secure union-find find algorithm, the secure list index algorithm and the secure comparison protocol, and merging the sets using the secure union-find union algorithm.
Specifically, the secure union-find find algorithm, the secure list index algorithm and the secure comparison protocol are combined to generate the secure union-find union algorithm, and the sets are merged using the secure union-find union algorithm; wherein,
the secure union-find find algorithm is used to find the mask of a given element and its corresponding root element; the mask is provided to hide the data access pattern when the algorithm is executed;
the secure list index algorithm is used to obtain the rank of the corresponding root element;
the secure comparison protocol is used to obtain the state indicating variables.
Further, merging the sets using the secure union-find union algorithm may include:
finding the mask of each given element and its corresponding root element using the secure union-find find algorithm;
obtaining the rank of the corresponding root element using the secure list index algorithm, according to the mask of each given element;
obtaining the state indicating variables using the secure comparison protocol, according to the root element of each given element and the rank of the root element;
generating auxiliary variables from the state indicating variables;
and updating the parent node and the rank of each given element according to the auxiliary variables, completing the merge.
Further, obtaining the state indicating variables using the secure comparison protocol, according to the root element of each given element and the rank of the root element, may include:
obtaining a first state indicating variable of each given element using the secure comparison protocol, according to the root element of each given element;
and obtaining a second state indicating variable and a third state indicating variable of each given element using the secure comparison protocol, according to the rank of the root element.
Further, generating the auxiliary variables from the state indicating variables may include:
generating a first auxiliary variable using the first state indicating variable and the second state indicating variable, according to the root element of each given element;
generating a second auxiliary variable using the first state indicating variable and the second state indicating variable, according to the mask of each given element;
generating a third auxiliary variable from the first, second and third state indicating variables.
Further, updating the parent node and rank of each given element according to the auxiliary variables, completing the merge, may include:
obtaining a first update value, a second update value and a third update value from, respectively, the product of the first auxiliary variable and the first state indicating variable, the product of the second auxiliary variable and the first state indicating variable, and the product of the third auxiliary variable and the first state indicating variable;
and selecting the maximum update value, and taking the parent node and rank corresponding to the maximum update value as the new parent node and rank of the set to which each given element belongs, completing the merge.
The secure union-find method based on arithmetic sharing and its operation method are described in more detail below.
Unless otherwise specified, the invention operates on a dual-cloud outsourced computing architecture, and all data operations are in the ring, where $l$ represents the number of bits of the values. For example, the servers in the dual-cloud outsourced computing architecture are $P_0$ and $P_1$. It should be noted that:
Dual-cloud outsourced computing architecture: the data owner encrypts the data locally and uploads the encrypted data to two independent cloud servers; the cloud servers execute a series of secure computations according to the specific task, and finally send the encrypted results to the designated users.
Semi-honest threat model: the servers faithfully perform the operations specified by the protocol, but attempt to snoop on or infer private information about the original data.
The basic components of the secure union-find method based on arithmetic sharing provided in the embodiments of the present invention are described in detail below. The method may include the following components:
1. A first component, for generating auxiliary triples.
A random triple is generated in advance: $\{\langle a\rangle, \langle b\rangle, \langle c\rangle\}$, where $\langle a\rangle$ and $\langle b\rangle$ are kept secret from all servers and $\langle c\rangle$ satisfies $\langle c\rangle = \langle a\rangle \cdot \langle b\rangle$. The auxiliary triples may be generated in an offline phase by homomorphic encryption or by oblivious transfer.
Illustratively, the main steps for generating the auxiliary triples using homomorphic encryption may be as follows:
The servers $P_i$ ($i \in \{0,1\}$) each generate random numbers $a_i, b_i$. $P_0$ homomorphically encrypts $a_0, b_0$ and sends the ciphertexts to $P_1$. $P_1$ generates a random number $r$ and computes $c_1 = a_1 \cdot b_1 - r$. $P_1$ computes $v = a_0 \cdot b_1 + a_1 \cdot b_0 + r$, and $v$ is sent to $P_0$ in homomorphically encrypted form. $P_0$ decrypts to obtain $v$ and computes $c_0 = a_0 \cdot b_0 + v$. Finally, $P_0$ holds $a_0, b_0, c_0$ and $P_1$ holds $a_1, b_1, c_1$. Algorithm 1 in Table 1 below shows this in more detail:
TABLE 1
2. A second component, for implementing secure basic operations.
The invention implements the secure basic operations on the basis of arithmetic secret sharing. Assuming the secret-shared data is $x$, it satisfies $x_0 + x_1 = x$.
Sharing, $\mathrm{Share}_i(x)$: $P_i$ selects a random number $r$, computes $x_i = x - r$, and sends $r$ to $P_{1-i}$, i.e. $x_{1-i} = r$.
Reconstruction, $\mathrm{Reconstruct}_i(x)$: $P_{1-i}$ sends $x_{1-i}$ to $P_i$, and $P_i$ computes $x = x_0 + x_1$.
Here, $\langle x\rangle$ denotes the pair of arithmetic secret shares of $x$, and $\langle x\rangle_i$ denotes the share stored at $P_i$.
Specifically, the second component may include: a secure addition algorithm and a secure multiplication algorithm.
The invention implements a secure addition algorithm (SecAdd) based on arithmetic secret sharing: given secret-shared data $x, y$, it computes $z = x + y$. $P_i$ ($i \in \{0,1\}$) locally computes $z_i = x_i + y_i$, and $z = z_0 + z_1$.
The invention implements a secure multiplication algorithm based on arithmetic secret sharing: given secret-shared data $x, y$, it computes $z = x \cdot y$. Using a pre-generated multiplication triple $c = a \cdot b$, $P_i$ ($i \in \{0,1\}$) computes $e_i = x_i - a_i$ and $f_i = y_i - b_i$; $P_i$ ($i \in \{0,1\}$) runs Reconstruct($e$) and Reconstruct($f$) to reconstruct $e$ and $f$; then $P_i$ ($i \in \{0,1\}$) computes $z_i = i \cdot e \cdot f + f \cdot a_i + e \cdot b_i + c_i$, and $z = z_0 + z_1$.
3. A third component, for generating a secure mask.
The present invention provides a special mask structure (Mask) for hiding the data access pattern when the algorithm is executed. The structure is defined as follows:
Given a list of non-repeating elements of length $n$, $x = [x_1, x_2, \ldots, x_n]$, the mask of element $x_k$ ($0 < k < n$) is a list of length $n$, $\alpha = [\alpha_1, \alpha_2, \ldots, \alpha_n]$, where $\alpha_j = 1$ for $j = k$ and $\alpha_j = 0$ for $j \neq k$. For an element $x_k$ not present in the list, its mask is $\alpha' = [0, \ldots, 0]$.
For example, given a list $x = [1, 2, 3, 4]$, the mask of element "2" is $\alpha = [0, 1, 0, 0]$, and the mask of element "5" is $\alpha' = [0, \ldots, 0]$.
4. A fourth component, for generating a secure comparison protocol.
Since the secure union-find method involves a large number of comparisons, the present invention provides a secure and efficient comparison protocol. To implement it, the invention converts the comparison into a comparison of the most significant bit (MSB) of ring data. Specifically, negative and non-negative numbers are separated into the upper half of the ring, $[2^{l-1}, 2^l - 1]$, and the lower half of the ring, $[0, 2^{l-1} - 1]$. A number on the ring therefore has MSB 0 if it is non-negative and MSB 1 if it is negative, so comparisons on arithmetic secret-shared data can easily be performed based on the MSB. Specifically, it can be shown as follows:
It should be noted that the fourth component may include: the secure greater-than-or-equal algorithm (SecGE), the secure less-than algorithm (SecLT), and the secure equality algorithm (SecET).
(4.1) The secure greater-than-or-equal algorithm (SecGE).
To determine whether $\langle x\rangle$ is greater than or equal to $\langle y\rangle$, the servers $P_i$ ($i \in \{0,1\}$) each compute $\langle x - y\rangle_i$ and jointly compute SecMSB($\langle x - y\rangle$) to obtain the return value $\langle b\rangle$; $x \ge y$ if $b = 0$, and $x < y$ if $b = 1$.
(4.2) The secure less-than algorithm (SecLT).
To determine whether $\langle x\rangle$ is less than $\langle y\rangle$, the present invention calls $1 - \mathrm{SecGE}(\langle x\rangle, \langle y\rangle)$ to obtain the result.
(4.3) The secure equality algorithm (SecET).
To determine whether $\langle x\rangle$ is equal to $\langle y\rangle$, the present invention calls the SecGE method twice in succession, as follows:
$\langle r_1\rangle \leftarrow \mathrm{SecGE}(\langle x\rangle, \langle y\rangle)$;
$\langle r_2\rangle \leftarrow \mathrm{SecGE}(\langle y\rangle, \langle x\rangle)$;
$\langle r\rangle \leftarrow \langle r_1\rangle \cdot \langle r_2\rangle$;
where $r = 1$ indicates that $\langle x\rangle$ and $\langle y\rangle$ are equal and $r = 0$ indicates that they are not equal.
5. A fifth component, for implementing secure list operations.
It should be noted that access to a particular element in a list typically requires an index of that element, which allows the server to infer which elements in the list the user accessed by observing the data access pattern.
To solve this problem, the present invention proposes a series of security list operations as follows:
Given a list $x = [x_1, x_2, \ldots, x_n]$ that is split into two parts by additive secret sharing, denoted $\langle x\rangle_0 = [\langle x_1\rangle_0, \langle x_2\rangle_0, \ldots, \langle x_n\rangle_0]$ and $\langle x\rangle_1 = [\langle x_1\rangle_1, \langle x_2\rangle_1, \ldots, \langle x_n\rangle_1]$, the secure operations on this list are defined as follows:
(5.1) The secure list query algorithm (Secure List Where Protocol, SecWhere).
To better illustrate the SecWhere protocol, assume that server $P_i$ inputs a secret-shared list $\langle x\rangle_i$ and a secret-shared value $\langle y\rangle_i$. The protocol then outputs a secret-shared mask $\langle\alpha\rangle_i = [\langle\alpha_1\rangle_i, \langle\alpha_2\rangle_i, \ldots, \langle\alpha_n\rangle_i]$, where $\alpha_j = 1$ if and only if [formula missing in the source], and $\alpha_j = 0$ otherwise ($1 \leq j \leq n$). This function can be implemented efficiently using the SecET protocol. Algorithm 2 in Table 2 below shows the main steps of the SecWhere protocol:
TABLE 2
(5.2) The secure list index algorithm (Secure List Index Protocol, SecIndex).
To better illustrate the SecIndex protocol, assume that server $P_i$ inputs a secret-shared list $\langle x\rangle_i$ and a secret-shared mask $\langle\alpha\rangle_i = [\langle\alpha_1\rangle_i, \langle\alpha_2\rangle_i, \ldots, \langle\alpha_n\rangle_i]$, where $\alpha_{j=k} = 1$ and $\alpha_{j \neq k} = 0$ ($1 \leq k \leq n$, $j = 1, 2, \ldots, n$). The protocol then outputs a secret-shared value $\langle y\rangle = \langle x_k\rangle$. This function can be implemented efficiently using the SecMul protocol. It is understood that the SecIndex protocol may also be used for multidimensional data. Algorithm 3 in Table 3 below shows the main steps of the SecIndex protocol:
TABLE 3
(5.3) The secure list update algorithm (Secure List Update Protocol, SecUpdate).
To better illustrate the SecUpdate protocol, assume that server $P_i$ inputs a secret-shared list $\langle x\rangle_i$, a secret-shared value $\langle y\rangle_i$ and a secret-shared mask $\langle\alpha\rangle_i = [\langle\alpha_1\rangle_i, \langle\alpha_2\rangle_i, \ldots, \langle\alpha_n\rangle_i]$, where $\alpha_{j=k} = 1$ and $\alpha_{j \neq k} = 0$ ($1 \leq k \leq n$, $j = 1, 2, \ldots, n$). The protocol then outputs an updated secret-shared list $\langle x'\rangle_i$, in which $\langle x_k\rangle = \langle y\rangle$ and $\langle x_{j \neq k}\rangle = \langle x_j\rangle$ ($1 \leq k \leq n$, $j = 1, 2, \ldots, n$). Using the SecIndex protocol, the original value $o$ of the element that needs to be updated can be obtained. The protocol then multiplies each element of $\alpha$ by $y - o$ to get the update values $u$ for the entire list. Finally, the update list is added to the original list. Thus the element that needs to be updated effectively undergoes $x_k = x_k + (y - x_k) = y$, while all other elements undergo $x_{j \neq k} = x_{j \neq k} + 0$. Algorithm 4 in Table 4 below shows the main steps of the SecUpdate protocol:
TABLE 4
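The comparison protocol and the three list operations described above can be exercised end to end in a two-party simulation. The Python below is an added example, not code from the patent: the ring size l = 32, the trusted-dealer Beaver triples behind sec_mul, the ideal-functionality stand-in for SecMSB (whose steps are not reproduced on this page), and the convention that SecGE outputs 1 when x >= y are all assumptions.

```python
import secrets

L = 32                 # ring bit length l (assumed; the page does not fix it)
MOD = 1 << L
ONE = (1, 0)           # trivial sharing of the public constant 1

def share(v):
    """Split v into two additive shares; negative v wraps into the upper half."""
    s0 = secrets.randbelow(MOD)
    return (s0, (v - s0) % MOD)

def reveal(s):
    """Recombine the shares and decode the upper half of the ring as negative."""
    v = (s[0] + s[1]) % MOD
    return v - MOD if v >> (L - 1) else v

def add(a, b):         # local to each server, no communication
    return ((a[0] + b[0]) % MOD, (a[1] + b[1]) % MOD)

def sub(a, b):         # local to each server, no communication
    return ((a[0] - b[0]) % MOD, (a[1] - b[1]) % MOD)

def sec_mul(x, y):
    """SecMul with a Beaver triple from a trusted dealer (assumed setup)."""
    u, v = secrets.randbelow(MOD), secrets.randbelow(MOD)
    su, sv, sw = share(u), share(v), share(u * v % MOD)
    e = sum(sub(x, su)) % MOD      # opened value x - u: uniformly random
    f = sum(sub(y, sv)) % MOD      # opened value y - v: uniformly random
    z0 = (f * su[0] + e * sv[0] + sw[0] + e * f) % MOD   # P0 adds public e*f
    z1 = (f * su[1] + e * sv[1] + sw[1]) % MOD
    return (z0, z1)

def sec_msb(a):
    """Stand-in for SecMSB: an ideal functionality that re-shares the top bit."""
    return share(((a[0] + a[1]) % MOD) >> (L - 1))

def sec_ge(x, y):      # assumed convention: 1 if x >= y, i.e. 1 - MSB(x - y)
    return sub(ONE, sec_msb(sub(x, y)))

def sec_lt(x, y):      # 1 - SecGE(x, y)
    return sub(ONE, sec_ge(x, y))

def sec_et(x, y):      # r = r1 * r2
    return sec_mul(sec_ge(x, y), sec_ge(y, x))

def sec_where(xs, y):
    """One SecET per slot, so the scan looks the same whatever y is."""
    return [sec_et(xj, y) for xj in xs]

def sec_index(xs, mask):
    """sum_j alpha_j * x_j: every slot is multiplied, only one survives."""
    acc = (0, 0)
    for xj, aj in zip(xs, mask):
        acc = add(acc, sec_mul(xj, aj))
    return acc

def sec_update(xs, mask, y):
    """x_j + alpha_j * (y - o), where o is the old value found by sec_index."""
    delta = sub(y, sec_index(xs, mask))
    return [add(xj, sec_mul(aj, delta)) for xj, aj in zip(xs, mask)]

def ge_plain(x, y):
    """Helper for experiments: share two integers, compare, open the bit."""
    return reveal(sec_ge(share(x), share(y)))

def demo():
    xs = [share(v) for v in [1, 2, 3, 4]]      # constructed sample list
    hit, miss = sec_where(xs, share(2)), sec_where(xs, share(5))
    updated = sec_update(xs, hit, share(9))
    return ([reveal(a) for a in hit], [reveal(a) for a in miss],
            reveal(sec_index(xs, hit)), [reveal(v) for v in updated])

if __name__ == "__main__":
    print(demo())
```

The MSB test is only correct while x - y stays inside [-2^(l-1), 2^(l-1)): ge_plain(2**30, -2**30) returns 0 because the difference wraps into the negative half of the ring, so inputs have to be range-limited accordingly.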
The following describes in detail an operation method of the secure union-find method based on arithmetic sharing according to the present invention, with reference to the embodiments.
According to the embodiment of the invention, a privacy-preserving secure union-find structure is provided, and privacy leakage caused by the access pattern is avoided.
Specifically, the operation method may be as follows:
1) Generate a secure union-find initialization algorithm based on arithmetic sharing, and use it to complete the initialization of the union-find structure.
The secure union-find initialization algorithm (SecInit) takes a secret-shared list $\langle x\rangle$ containing $n$ elements and generates two secret-shared lists $\langle parent\rangle_i = [\langle p_1\rangle_i, \langle p_2\rangle_i, \ldots, \langle p_n\rangle_i]$ ($i = 0, 1$) and $\langle rank\rangle_i = [\langle r_1\rangle_i, \langle r_2\rangle_i, \ldots, \langle r_n\rangle_i]$ ($i = 0, 1$), where $p_i$ and $r_i$ denote the parent node and the auxiliary rank of $x_i$, respectively. To initialize the two lists, set $\langle p_j\rangle_0 = j$, $\langle p_j\rangle_1 = 0$ and $\langle r_j\rangle_0 = 1$, $\langle r_j\rangle_1 = 0$. This makes each $x_j$ point to itself and gives it rank 1.
Specifically, it can be shown by algorithm 8 in table 8 as follows:
TABLE 8
2) Generate a secure union-find lookup algorithm from the secure list index algorithm, the secure list query algorithm and the secure list update algorithm, and use it to complete lookups in the union-find structure.
The secure union-find lookup algorithm (SecFind) is used to find the root node of the set that uniquely contains element $x$. The steps are as follows:
Step one: $P_0$ and $P_1$ jointly execute SecIndex to obtain the index of the parent node of $x_k$.
Step two: using the parent index of $x_k$ and the auxiliary index, $P_0$ and $P_1$ jointly execute SecWhere to obtain the mask of the parent node of $x_k$.
In practical application scenarios the height of the tree is typically no more than 5, so the parent node is not compared with the current node here; instead, SecFind is invoked in a loop.
Step three: call SecFind in a loop 5 times.
Step four: call SecIndex and SecWhere in a loop 5 times to obtain the root node of $x_k$. This step can hide the way the data is accessed.
Step five: call SecUpdate in a loop 5 times for path compression.
Step six: return $\langle I_r\rangle$ and $\langle m_r\rangle$.
Specifically, this is shown by Algorithm 9 in Table 9 below:
TABLE 9
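The fixed five-round lookup can be traced without any cryptography by running the same data flow on plaintext one-hot masks. The Python below is an added example, not the patent's Algorithm 9 (which is not reproduced on this page): it is one reading of the six steps, with where, index and update as plaintext stand-ins for SecWhere, SecIndex and SecUpdate, and mask_of a hypothetical helper.

```python
ROUNDS = 5     # fixed loop count from the steps above

def where(xs, y):
    """Plaintext stand-in for SecWhere: full scan, one-hot (or all-zero) mask."""
    return [1 if xj == y else 0 for xj in xs]

def index(xs, mask):
    """Plaintext stand-in for SecIndex: dot product over every slot."""
    return sum(xj * aj for xj, aj in zip(xs, mask))

def update(xs, mask, y):
    """Plaintext stand-in for SecUpdate: x_j + alpha_j * (y - o)."""
    o = index(xs, mask)
    return [xj + aj * (y - o) for xj, aj in zip(xs, mask)]

def init(n):
    """SecInit: each element is its own parent (1-based index) with rank 1."""
    return list(range(1, n + 1)), [1] * n

def mask_of(n, k):
    """Hypothetical helper: one-hot mask of the element at 1-based position k."""
    return where(range(1, n + 1), k)

def find(parent, mask):
    """Return (root index, root mask, compressed parent list).

    The number of index/where/update calls depends only on ROUNDS and
    len(parent), never on how deep the queried element sits.
    """
    ids = list(range(1, len(parent) + 1))     # auxiliary index list
    path = [mask]
    for _ in range(ROUNDS):
        p = index(parent, path[-1])           # parent index of current node
        path.append(where(ids, p))            # mask of that parent
    root_mask = path[-1]
    root = index(ids, root_mask)
    for m in path[:-1]:                       # ROUNDS updates: path compression
        parent = update(parent, m, root)
    return root, root_mask, parent

def demo():
    shallow = [2, 3, 4, 4]                    # constructed chain 1->2->3->4
    deep = [2, 3, 4, 5, 6, 7, 7]              # constructed chain of six links
    return find(shallow, mask_of(4, 1)), find(deep, mask_of(7, 1))

if __name__ == "__main__":
    print(demo())
```

Because the loop never tests whether the root has been reached, a chain deeper than five links returns a node that is not the root: on the constructed seven-node chain, find returns 6 instead of 7, so the loop count has to cover the largest tree height the deployment can produce.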
3) Generate a secure union-find union algorithm from the secure union-find lookup algorithm, the secure list index algorithm and the secure comparison protocol, and use it to complete the merging of sets.
The secure union-find union algorithm (SecUnion) merges sets given the masks $\langle m_p\rangle$, $\langle m_q\rangle$ of two elements $x_p$, $x_q$. The steps are as follows:
Step one: $P_0$ and $P_1$ jointly execute SecFind to find the masks $\langle m_{p\_root}\rangle$, $\langle m_{q\_root}\rangle$ and the indices $\langle I_{p\_root}\rangle$, $\langle I_{q\_root}\rangle$ of the root elements of $x_p$ and $x_q$.
Step two: obtain the ranks $\langle r_p\rangle$, $\langle r_q\rangle$ of the two root elements by executing SecIndex.
Step three: execute the comparison protocol to obtain three state indication variables $\langle s_1\rangle$, $\langle s_2\rangle$, $\langle s_3\rangle$: $\langle s_1\rangle$ indicates whether $x_p$ and $x_q$ have different root elements, $\langle s_2\rangle$ indicates whether the rank of $x_p$ is less than the rank of $x_q$, and $\langle s_3\rangle$ indicates whether the rank of $x_q$ is less than the rank of $x_p$.
Step four: update the parent node and rank using the state indication variables described above.
In particular, $s_1$, $s_2$, $s_3$ are used to generate three auxiliary variables $\langle I_u\rangle$, $\langle m_u\rangle$, $\langle r_u\rangle$ (u stands for update); $s_2$ and $s_3$ determine whether the values of these auxiliary variables are taken from the root of $x_p$ or from the root of $x_q$.
The auxiliary variables are multiplied by $s_1$ to ensure that when $x_p$ and $x_q$ have the same root, all update values are 0, which means that no update to the union-find structure is needed. Specifically, $s_1$ determines whether the two sets need to be merged: $s_1 = 1$ indicates that the root nodes of the two sets are different and the merge operation is needed; $s_1 = 0$ indicates that the root nodes of the two sets are identical, i.e. the two elements are already in the same set and no merge is needed.
According to an embodiment of the invention, an optimization is applied in the last step, the rank update, which is called union by rank.
Specifically, this is shown by Algorithm 10 in Table 10 below:
TABLE 10
For the content in the above embodiments, the present invention provides the following experimental evaluation results, specifically as follows:
1) Description of the environment
The performance of the secure union-find method based on arithmetic sharing and of its operation method was evaluated on two servers ($P_0$ and $P_1$) running Ubuntu 20.04 and equipped with an Intel(R) Core(TM) i9-10900K CPU @ 3.7 GHz and 128 GB RAM. The communication protocol between the two servers is TCP in a Local Area Network (LAN). The average network delay is 0.24 ms and the bandwidth is 1.25 GB/s.
2) Evaluation result 1
A list of elements of length n=1000 was entered for performance evaluation, the evaluation results being shown in table 11 below:
TABLE 11
As shown in Table 11, all basic operation protocols can be completed within 15 ms, and the required network communication overhead is less than 150 KB; this is because embodiments of the present invention provide basic operation protocols with O(1) communication element complexity and O(n) computation complexity.
3) Evaluation result two
The lookup and union operations of the union-find structure were evaluated by inputting an element list of length n; the evaluation results are shown in Table 12 below:
TABLE 12
As shown in table 12, with a linear increase in n, both the computation time and the communication overhead increase linearly.
According to the embodiment of the invention, the following technical effects are achieved:
1. The data structure and operations of the union-find structure are optimized so that private information is not leaked through the data access pattern, providing higher computational efficiency while protecting the privacy of user data.
2. Based on the secure union-find operation method, provable security under the semi-honest threat model can be achieved: operations such as initialization, lookup and union can be performed correctly on the outsourced cloud servers, while the plaintext of the union-find data is not leaked to the cloud servers.
3. Compared with the prior art, the method has low performance overhead and high computational precision, supports parallel computation, and resists access-pattern attacks.
It can be understood that each algorithm/component of the secure union-find method 100 based on arithmetic sharing shown in Fig. 1 has the function of implementing each step of the operation method 200 of the secure union-find method based on arithmetic sharing provided in the embodiment of the present invention, and can achieve the corresponding technical effects.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps described in the present invention may be performed in parallel, sequentially, or in a different order, so long as the desired results of the technical solution disclosed in the present invention can be achieved, and are not limited herein.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.

Claims (10)

1. A secure union-find method based on arithmetic sharing, applied to dual-cloud outsourcing servers, characterized in that the algorithm comprises:
a secure union-find initialization algorithm based on arithmetic sharing;
a secure union-find lookup algorithm generated from the secure list index algorithm, the secure list query algorithm and the secure list update algorithm;
and a secure union-find union algorithm generated from the secure union-find lookup algorithm, the secure list index algorithm and the secure comparison protocol.
2. An operation method of a secure union-find method based on arithmetic sharing, applied to dual-cloud outsourcing servers, characterized by comprising the following steps:
generating a secure union-find initialization algorithm based on arithmetic sharing, and completing initialization of the union-find structure by using the secure union-find initialization algorithm;
generating a secure union-find lookup algorithm according to a secure list index algorithm, a secure list query algorithm and a secure list update algorithm, and completing lookups in the union-find structure by using the secure union-find lookup algorithm;
and generating a secure union-find union algorithm according to the secure union-find lookup algorithm, the secure list index algorithm and the secure comparison protocol, and completing the merging of sets by using the secure union-find union algorithm.
3. The method according to claim 2, wherein generating the secure union-find initialization algorithm based on arithmetic sharing and completing initialization of the union-find structure by using the secure union-find initialization algorithm comprises:
performing encrypted sharing on N multi-element lists based on arithmetic sharing to generate 2N secret-shared lists;
and assigning corresponding parent nodes and ranks to the secret-shared lists, completing initialization of the union-find structure.
4. The method according to claim 2, wherein generating the secure union-find lookup algorithm according to the secure list index algorithm, the secure list query algorithm and the secure list update algorithm comprises:
generating an initial secure union-find lookup algorithm according to the secure list index algorithm;
and generating a final secure union-find lookup algorithm according to the initial secure union-find lookup algorithm, the secure list query algorithm and the secure list update algorithm.
5. The method of claim 2, wherein completing lookups in the union-find structure by using the secure union-find lookup algorithm comprises:
obtaining the index of the parent node according to the secure list index algorithm;
obtaining a shared mask of the parent node by using the secure list query algorithm according to the index of the parent node and the auxiliary index;
cyclically executing the initial secure union-find lookup algorithm, and cyclically calling the secure list query algorithm and the secure list update algorithm until the number of iterations reaches a preset threshold, to obtain the root node corresponding to the parent node;
cyclically executing the secure list update algorithm until the number of iterations reaches the preset threshold, outputting the shared mask and shared value of the root node corresponding to the parent node, and completing the lookup in the union-find structure; wherein the shared mask is used to hide the data access pattern.
6. The method of claim 2, wherein generating the secure union-find union algorithm according to the secure union-find lookup algorithm, the secure list index algorithm and the secure comparison protocol comprises:
combining the secure union-find lookup algorithm, the secure list index algorithm and the secure comparison protocol to generate the secure union-find union algorithm; wherein,
the secure union-find lookup algorithm is used to look up the mask of a given element and its corresponding root element; the mask is used to hide the data access pattern;
the secure list index algorithm is used to obtain the rank of the corresponding root element;
the secure comparison protocol is used to obtain the state indication variables.
7. The method according to claim 2, wherein completing the merging of sets by using the secure union-find union algorithm comprises:
looking up the mask of each given element and its corresponding root element by using the secure union-find lookup algorithm;
obtaining the rank of the corresponding root element by using the secure list index algorithm according to the mask of each given element;
obtaining state indication variables by using the secure comparison protocol according to the root element of each given element and the rank of the root element;
generating auxiliary variables according to the state indication variables;
and updating the parent node and the rank of each given element according to the auxiliary variables, completing the merging of sets.
8. The method according to claim 7, wherein obtaining the state indication variables by using the secure comparison protocol according to the root element of each given element and the rank of the root element comprises:
obtaining a first state indication variable of each given element by using the secure comparison protocol according to the root element of each given element;
and obtaining a second state indication variable and a third state indication variable of each given element by using the secure comparison protocol according to the rank of the root element.
9. The method of claim 8, wherein generating the auxiliary variable from the status indicating variable comprises:
generating a first auxiliary variable by using the first state indicating variable and the second state indicating variable according to the root element of each given element;
generating a second auxiliary variable using the first state indicating variable and the second state indicating variable according to the mask of each given element;
and generating a third auxiliary variable according to the first state indicating variable, the second state indicating variable and the third state indicating variable.
10. The method according to claim 9, wherein updating the parent node and rank of each given element according to the auxiliary variable, and completing the merging of the union, comprises:
obtaining a first updated value, a second updated value and a third updated value according to the product of the first auxiliary variable and the first state indicating variable, the product of the second auxiliary variable and the first state indicating variable and the product of the third auxiliary variable and the first state indicating variable respectively;
and selecting the maximum update value, and acquiring the father node and rank corresponding to the maximum update value as the new father node and rank of the corresponding set of each given element to finish merging the set.
CN202311111312.5A 2023-08-30 2023-08-30 Security union checking method based on arithmetic sharing and operation method thereof Pending CN117056978A (en)

Publications (1)

Publication Number Publication Date
CN117056978A true CN117056978A (en) 2023-11-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination