CN117240620B - Privacy set union system and method - Google Patents

Privacy set union system and method Download PDF

Info

Publication number
CN117240620B
CN117240620B CN202311504898.1A CN202311504898A CN117240620B CN 117240620 B CN117240620 B CN 117240620B CN 202311504898 A CN202311504898 A CN 202311504898A CN 117240620 B CN117240620 B CN 117240620B
Authority
CN
China
Prior art keywords
information
sender
receiver
service
sub
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311504898.1A
Other languages
Chinese (zh)
Other versions
CN117240620A (en
Inventor
郑小林
刘纪海
陈超超
谢鲁
鲍力成
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Jinzhita Technology Co ltd
Original Assignee
Hangzhou Jinzhita Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Jinzhita Technology Co ltd filed Critical Hangzhou Jinzhita Technology Co ltd
Priority to CN202311504898.1A priority Critical patent/CN117240620B/en
Publication of CN117240620A publication Critical patent/CN117240620A/en
Application granted granted Critical
Publication of CN117240620B publication Critical patent/CN117240620B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a privacy set union system and a method, wherein the privacy set union system comprises an information receiver and an information sender, and comprises the following steps: the information receiver processes the receiver information into first service information by utilizing a receiver key and a truncation processing strategy; under the condition that sender encryption information submitted by an information sender is received, the sender encryption information is processed into information to be truncated by utilizing a receiver key and the replacement processing strategy, and the information is sent to the information sender; the information sender processes the information to be truncated into second service information by using a truncation processing strategy; comparing the first service information with the second service information to obtain an initial information vector; at this time, the information receiver converts the initial information vector into a target information vector by using an inverse substitution processing strategy; and creating an information merging task according to the target information vector, and executing the information merging task in a mode of interacting with the information sender to obtain the merging information between the information receiver and the information sender.

Description

Privacy set union system and method
Technical Field
The present disclosure relates to the field of information processing technologies, and in particular, to a system and a method for merging privacy sets.
Background
With the development of internet technology, privacy of data has become particularly important to all parties. In some scenes, in order to meet the requirements of actual services, two parties holding private data need to determine union data, so as to determine all objects involved in the scene; such as IP blacklist sharing, or vulnerability data aggregation, or privacy ID aggregation, etc. When each party holds different data of the object, the data of each party is combined, so that the union information needed in the current scene can be obtained for use. In response to this need, namely, the privacy computing protocol design scenario, a proprietary protocol under the secure multiparty computing framework is involved: privacy set union computation protocol (Private Set Union, PSU). The PSU allows a group of participants to input a private set, ensuring that the union of the private sets is calculated together without revealing intersection information and other private set element information. In the prior art, the use of the privacy set solving and calculating protocol is mainly realized based on a public key cryptosystem and a symmetric cryptosystem, but the application under the two systems has efficiency problems, and more calculation resources are sacrificed for ensuring the data security, and the complexity is higher. There is therefore a need for an effective solution to the above problems.
Disclosure of Invention
In view of the foregoing, embodiments of the present application provide a privacy set union system to solve the technical drawbacks in the prior art. The embodiment of the application also provides a privacy set union method, a computing device and a computer readable storage medium.
According to a first aspect of an embodiment of the present application, there is provided a privacy set union system, including an information receiver and an information sender, where the information receiver and the information sender are configured with a truncation processing policy, a permutation processing policy, and an inverse permutation processing policy, and the privacy set union system includes:
the information receiver is used for processing the receiver information into first service information by utilizing a receiver key and the truncation processing strategy and sending the first service information to the information sender; under the condition that sender encryption information submitted by the information sender is received, the sender encryption information is processed into information to be truncated by utilizing the receiver key and the replacement processing strategy and is sent to the information sender;
the information sender is used for processing the information to be truncated into second service information by utilizing the truncation processing strategy; comparing the first service information with the second service information to obtain an initial information vector and sending the initial information vector to the information receiver;
The information receiver is further configured to convert the initial information vector into a target information vector by using the inverse permutation policy; and creating an information merging task according to the target information vector, and executing the information merging task in an interaction mode with the information sender to obtain the union information between the information receiver and the information sender.
Optionally, the information receiver is further configured to load the receiver key and the receiver information in response to an information processing request; encrypting the receiver information by using the receiver key to obtain receiver encryption information; and carrying out truncation processing on the encryption information of the receiving party according to the truncation processing strategy to obtain the first service information.
Optionally, the information sender is further configured to load a sender key and sender information in response to the information processing request; and encrypting the sender information by using the sender key to obtain the sender encrypted information, and sending the sender encrypted information to the information receiver.
Optionally, the information receiver is further configured to encrypt the sender encryption information by using the receiver key to obtain information to be replaced; and carrying out position replacement on the sub replacement information contained in the information to be replaced according to the replacement processing strategy to obtain the information to be truncated.
Optionally, the information sender is further configured to perform truncation processing on the information to be truncated according to the truncation processing policy, so as to obtain the second service information; comparing the first service information with the second service information, and determining a plurality of sub-information vectors according to a comparison result; and splicing the plurality of sub information vectors to obtain the initial information vector.
Optionally, the information sender is further configured to read the ith sub-service information from the second service information according to the comparison result, and detect whether the ith sub-service information belongs to the first service information; if yes, determining a first sub-information vector corresponding to the ith sub-service information, i increasing by 1, and executing the step of reading the ith sub-service information from the second service information; if not, determining a second sub-information vector corresponding to the ith sub-service information, i is increased by 1, and executing the step of reading the ith sub-service information from the second service information; taking all the first sub-information vectors and all the second sub-information vectors as the plurality of sub-information vectors until i is increased to n; wherein i is a positive integer from 1, and n is the number of sub-service information contained in the second service information.
Optionally, the information receiver is further configured to construct the information merging task according to a preset careless transmission protocol and the target information vector; executing the information merging task in an interaction mode with the information sender, and obtaining an initial information set according to a task execution result; traversing the initial information set to obtain the union information between the information receiver and the information sender; and the information merging task is in an execution state, the information receiving party inputs a target information vector, and the information transmitting party inputs sub-service information.
Optionally, the information receiving party is further configured to select a j-th initial information from the initial information set, and determine a third sub-information vector corresponding to the j-th initial information from the target information vectors; detecting whether the third sub information vector is a preset information vector; if yes, taking the j-th initial information as sub-union information, j is increased by 1, and executing the step of selecting the j-th initial information from the initial information set; if not, j increases by 1, and executing the step of selecting the j-th initial information in the initial information set; generating the union information between the information receiver and the information sender based on all sub-union information until j is self-increased to m; wherein j is a positive integer from 1, and m is the number of initial information contained in the initial information set.
According to a second aspect of an embodiment of the present application, there is provided a privacy set union method applied to a privacy set union system, where the privacy set union system includes an information receiver and an information sender, and the information receiver and the information sender are configured with a truncation processing policy, a permutation processing policy, and an inverse permutation processing policy, and the method includes:
the information receiver processes the receiver information into first service information by utilizing a receiver key and the interception processing strategy, and sends the first service information to the information sender, and processes the sender encryption information into information to be intercepted by utilizing the receiver key and the replacement processing strategy under the condition that sender encryption information submitted by the information sender is received;
the information sender processes the information to be truncated into second service information by utilizing the truncation processing strategy, and compares the first service information with the second service information to obtain an initial information vector;
the information receiver converts the initial information vector into a target information vector by using the reverse substitution processing strategy, creates an information merging task according to the target information vector, and executes the information merging task in an interaction mode with the information sender to obtain the union information between the information receiver and the information sender.
According to a third aspect of embodiments of the present application, there is provided a computing device comprising:
a memory and a processor;
the memory is used for storing computer executable instructions, and the processor implements the steps of the privacy set union method when executing the computer executable instructions.
According to a fourth aspect of embodiments of the present application, there is provided a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the steps of the privacy set union method.
In the privacy set union system provided in this embodiment, in order to improve the efficiency of union information determination between the information receiver and the information sender, and reduce the computational complexity and the overhead, a truncation processing policy, a replacement processing policy, and an inverse replacement processing policy may be configured in advance in the information receiver and the information sender. When an information receiver needs to request an information sender to cooperate to perform information merging, the information receiver can firstly process the information of the receiver into first service information by utilizing a receiver key and a truncation processing strategy and send the first service information to the information sender; simultaneously receiving sender encryption information submitted by an information sender, processing the sender encryption information into information to be truncated by utilizing a receiver key and a replacement processing strategy, and sending the information to the information sender; the first service information and the information to be truncated are processed into the same ciphertext, so that the information sender can process more conveniently. After receiving the information, the information sender can process the information to be truncated into second service information by using a truncation processing strategy; the first service information and the second service information can be aligned, and then the first service information and the second service information are compared, so that an initial information vector can be obtained and sent to an information receiver. Finally, the information receiver can utilize the reverse replacement processing strategy to convert the initial information vector into a target information vector; and creating an information merging task according to the target information vector, and executing the information merging task in an interaction mode with the information sender, so that the information receiver can determine the merging information between the information receiver and the information sender according to the need. When the information receiver and the information sender perform merging processing, the calculation complexity can be effectively reduced, and the calculation cost is reduced, so that the merging of the data is completed in a ciphertext state, and the information receiver can perform subsequent service processing more conveniently.
Drawings
FIG. 1 is a schematic diagram of a privacy set union system according to an embodiment of the present application;
FIG. 2 is a schematic diagram of a privacy set union system according to an embodiment of the present application;
FIG. 3 is a process flow diagram of a privacy set union system provided in one embodiment of the present application;
FIG. 4 is a flow chart of a method for merging privacy sets according to one embodiment of the present application;
FIG. 5 is a block diagram of a computing device according to one embodiment of the present application.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present application. This application is, however, susceptible of embodiment in many other ways than those herein described and similar generalizations can be made by those skilled in the art without departing from the spirit of the application and the application is therefore not limited to the specific embodiments disclosed below.
The terminology used in one or more embodiments of the application is for the purpose of describing particular embodiments only and is not intended to be limiting of one or more embodiments of the application. As used in this application in one or more embodiments and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used in one or more embodiments of the present application refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that, although the terms first, second, etc. may be used in one or more embodiments of the present application to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, a first may also be referred to as a second, and similarly, a second may also be referred to as a first, without departing from the scope of one or more embodiments of the present application.
In the present application, a privacy set union system is provided. The present application relates to a privacy set union method, a computing device, and a computer-readable storage medium, which are described in detail in the following embodiments.
In practical applications, the privacy set union computing protocol is a secure multiparty computing protocol that securely computes the union of the participants' private sets and does not reveal any additional information (including intersections) of the privacy sets. Briefly, party P1 has a privacy setParty P2 congestionThere is privacy set->Without revealing any additional information (including intersection +.>) P1 obtaining the union->. PSU has many application scenarios such as IP blacklist sharing (intersection is not revealed), vulnerability data aggregation, privacy ID, etc. Existing schemes for constructing PSUs can be divided into two categories: the first implementation is based on a public key cryptosystem, and is mainly divided into (1) encrypting each element by an addition homomorphic encryption algorithm, and then calculating under a ciphertext state to obtain a union. Or (2) the PSU algorithm is implemented by lightweight cryptographic primitives ECDH, permutation functions, and an unintentional transport protocol. The second is based on a symmetric cryptosystem and an inadvertent transmission protocol, specifically, (3) based on an inadvertent pseudo-random function implemented by symmetric cryptosystem and inadvertent transmission and an inadvertent switching network to implement the PSU algorithm. Or (4) realizing PSU algorithm based on symmetric cipher and 2PC technology multi-query reverse privacy member query function and inadvertent key value pair storage.
However, the above (1) PSU algorithm is very inefficient in terms of the use of semi-homomorphic encryption algorithm. Whereas the PSU algorithms of (2) (3) (4) both achieve linear computational complexity and linear communication complexity, and both (3) and (4) employ an inadvertent transmission extension protocol, resulting in the complexity of the algorithm being related to the maximum set of participants. And (2) the ECDH algorithm is adopted, so that the algorithm is related to the size of the set of two parties. There is therefore a need for an effective solution to the above problems.
Referring to the schematic diagram shown in fig. 1, in the privacy set union system provided in this embodiment, in order to improve the efficiency of determining the union information between the information receiver and the information sender, and reduce the computational complexity and the overhead, a truncation processing policy, a replacement processing policy, and an inverse replacement processing policy may be configured in advance in the information receiver and the information sender. When an information receiver needs to request an information sender to cooperate to perform information merging, the information receiver can firstly process the information of the receiver into first service information by utilizing a receiver key and a truncation processing strategy and send the first service information to the information sender; simultaneously receiving sender encryption information submitted by an information sender, processing the sender encryption information into information to be truncated by utilizing a receiver key and a replacement processing strategy, and sending the information to the information sender; the first service information and the information to be truncated are processed into the same ciphertext, so that the information sender can process more conveniently. After receiving the information, the information sender can process the information to be truncated into second service information by using a truncation processing strategy; the first service information and the second service information can be aligned, and then the first service information and the second service information are compared, so that an initial information vector can be obtained and sent to an information receiver. Finally, the information receiver can utilize the reverse replacement processing strategy to convert the initial information vector into a target information vector; and creating an information merging task according to the target information vector, and executing the information merging task in an interaction mode with the information sender, so that the information receiver can determine the merging information between the information receiver and the information sender according to the need. When the information receiver and the information sender perform merging processing, the calculation complexity can be effectively reduced, and the calculation cost is reduced, so that the merging of the data is completed in a ciphertext state, and the information receiver can perform subsequent service processing more conveniently.
That is, the scheme of the private collection union system provided in this embodiment adopts a round of key exchange protocol to convert the comparison of the private collection into a round of key message comparison, so that the private data communication and the comparison security are ensured, the round of key exchange message is realized through ECC, and the security is ensured by the public key encryption technology. The replacement protocol is used for disturbing a round of key information of the information sender, so that the mapping relation between the key information and the privacy set is destroyed, and the intersection result is not revealed. The reverse permutation protocol is used for correctly obtaining the mapping relation between the vector and the privacy set of the information sender on the premise of not revealing intersection information. Finally, the union can be obtained on the premise of not revealing any information.
Referring to fig. 2, fig. 2 is a schematic structural diagram of a privacy set union system provided according to an embodiment of the present application, where the privacy set union system 200 includes an information receiver 210 and an information sender 220, and each of the information receiver 210 and the information sender 220 is configured with a truncation processing policy, a permutation processing policy, and an inverse permutation processing policy, and includes:
the information receiver 210 is configured to process the receiver information into first service information by using a receiver key and the truncation processing policy, and send the first service information to the information sender; under the condition that sender encryption information submitted by the information sender is received, the sender encryption information is processed into information to be truncated by utilizing the receiver key and the replacement processing strategy and is sent to the information sender;
The information sender 220 is configured to process the information to be truncated into second service information by using the truncation processing policy; comparing the first service information with the second service information to obtain an initial information vector and sending the initial information vector to the information receiver;
the information receiver 210 is further configured to convert the initial information vector into a target information vector by using the inverse permutation policy; and creating an information merging task according to the target information vector, and executing the information merging task in an interaction mode with the information sender to obtain the union information between the information receiver and the information sender.
The privacy set union system provided by the embodiment can be applied to a scene of information union between two participants, such as an IP blacklist sharing scene (intersection is not revealed), a vulnerability data aggregation scene, a privacy ID scene and the like. In this embodiment, an IP blacklist sharing scenario is taken as an example, a privacy set union system is described, and descriptions of other scenarios can be referred to the same or corresponding descriptions of this embodiment, which are not repeated here. In this embodiment, two parties, that is, the interaction between the information receiving party and the information sending party, are taken as an example for explanation, and privacy requirements of other numbers of parties can be found in this embodiment, which is not described in detail herein.
Specifically, the information receiver specifically refers to a participant initiating information request and the receiver information held by the information receiver is privacy data relative to the information sender; correspondingly, the information sender is a participant for combining information by assigning the information receiver, and the sender information held by the information sender is privacy data relative to the information receiver; when the information receiver and the information sender perform the combination of the private information, the combination is completed by a terminal capable of performing information communication and calculation.
Correspondingly, the interception processing policy specifically refers to a policy deployed by both the information sender and the information receiver for intercepting information, and the policy is used for packaging an interception function truncate (vector) and a statistical security parameter lambda, so that before encryption information transmission between the information receiver and the information sender is realized, the information can be intercepted into a set length through the interception function, thereby ensuring higher information transmission efficiency between the information receiver and the information receiver, and improving calculation accuracy of intersection information. Correspondingly, the replacement processing policy specifically refers to a policy deployed by both the information sender and the information receiver for replacing information, where the policy is used to encapsulate a replacement function Permuta (prng, vector), so that before encrypted information is transferred between the information receiver and the information sender, information in an encrypted information set can be replaced, thereby further improving information security. Correspondingly, the reverse replacement processing strategy specifically refers to a strategy of performing reverse replacement on vectors deployed by both the information receiver and the information receiver, and the strategy is used for packaging a reverse replacement function InPermuta (prng, vector) to realize that after vector transfer is performed between the information receiver and the information sender, the vector can be subjected to reverse replacement, so that when the information receiver and the information sender perform information merging task in an interactive mode, the union information between the information receiver and the information sender can be calculated.
Accordingly, the receiver key specifically refers to a key held by the information receiver, and the key is a key required to be used by the information receiver in a round of key exchange information. Correspondingly, the first service information specifically refers to information obtained by encrypting and cutting off the information of the receiver held by the information receiver, and the information cannot be accessed relative to the information sender. The corresponding sender encryption information specifically refers to information obtained by encrypting sender information by using a sender key, and the information cannot be accessed relative to an information receiver. Correspondingly, the information to be truncated specifically refers to information obtained by replacing the encryption information of the sender. Correspondingly, the second service information specifically refers to information obtained after the information to be truncated is truncated, and the information length of the second service information is the same as that of the first service information.
Correspondingly, the initial information vector specifically refers to a vector expression obtained after comparing the first service information and the second service information, and the vector expression can embody information difference characterization between the first service information and the second service information, so that when information merging tasks are executed in a follow-up interaction mode, merging information between an information sender and an information receiver can be obtained by combining interaction contents of the information receiver and the information sender, and the accuracy and efficiency of calculation of the merging information are improved. Correspondingly, the target information vector specifically refers to an information vector obtained by performing inverse substitution on the initial information vector by using an inverse substitution processing strategy, so that an information receiver can conveniently perform subsequent task execution according to the target information vector. Correspondingly, the information merging task specifically refers to a task of performing interactive calculation of the merging information between the information receiver and the information sender, and the task can be determined by adopting a 2-choice 1 unintentional transmission protocol, so that the information merging can be determined on the premise of less communication. Correspondingly, the union information specifically refers to union information obtained after the receiver information held by the information receiver and the sender information held by the information sender are combined, and is used for subsequent processing services, such as IP blacklist sharing, so as to improve network security.
Based on this, in order to be able to improve the efficiency of the information determination of the union between the information receiver and the information sender while reducing the computational complexity and overhead, the truncation processing policy, the replacement processing policy, and the inverse replacement processing policy may be configured in advance at the information receiver and the information sender. When an information receiver needs to request an information sender to cooperate to perform information merging, the information receiver can firstly process the information of the receiver into first service information by utilizing a receiver key and a truncation processing strategy and send the first service information to the information sender; simultaneously receiving sender encryption information submitted by an information sender, processing the sender encryption information into information to be truncated by utilizing a receiver key and a replacement processing strategy, and sending the information to the information sender; the first service information and the information to be truncated are processed into the same ciphertext, so that the information sender can process more conveniently. After receiving the information, the information sender can process the information to be truncated into second service information by using a truncation processing strategy; the first service information and the second service information can be aligned, and then the first service information and the second service information are compared, so that an initial information vector can be obtained and sent to an information receiver. Finally, the information receiver can utilize the reverse replacement processing strategy to convert the initial information vector into a target information vector; and creating an information merging task according to the target information vector, and executing the information merging task in an interaction mode with the information sender, so that the information receiver can determine the merging information between the information receiver and the information sender according to the need. When the information receiver and the information sender perform merging processing, the calculation complexity can be effectively reduced, and the calculation cost is reduced, so that the merging of the data is completed in a ciphertext state, and the information receiver can perform subsequent service processing more conveniently.
In practical application, when comparing the first service information and the second service information, the difference between the first service information and the second service information is actually calculated, so that the difference set between the first service information and the second service information is determined in a ciphertext state, and the subsequent calculation of the union information according to the difference calculation result is facilitated.
For example, in a scenario where the enterprise a and the enterprise B have a cooperative relationship, the enterprise a and the enterprise B may perform interaction of part of data, so as to provide better quality service for users according to the interacted data. In practical application, some abnormal users can perform network attack on the enterprise a and the enterprise B, and the attack can cause data leakage. In order to avoid that the enterprise B can synchronize the IP address of the abnormal user under the condition that the enterprise a protects the abnormal user from attack, the abnormal user cannot attack the network of the enterprise B. So that enterprise a and enterprise B can share the IP blacklist.
Based on this, the a party corresponding to the a enterprise can firstly utilize a round of key b corresponding to the key exchange information and a pre-configured truncation processing strategy (including a truncation function (vector) and a statistical security parameter lambda) to blacklist the IP held by the a party(where x represents the IP blacklist information held by the A-party and m represents the number of users in the IP blacklist held by the A-party) is treated as +. >And sent to party B. At the same time, party A receives the key exchange information sent by party B>After (where y represents the information of the IP blacklist held by the B-party, and n represents the number of users in the IP blacklist held by the B-party), the key B and the permutation policy (including the permutation function permauta (prng, vector)) can be reused to exchange the key informationProcessing to set=>And sent to party B.
When the B side receivesAnd set, set can be treated as +.>After which by comparison->Andand constructing a vector e according to the comparison result and sending the vector e to the A party.
After receiving the vector e, the party a can firstly convert the vector e into a vector e' by using an inverse permutation strategy (including an inverse permutation function inprmuta (prng, vector)), an information merging task can be created based on the vector e, the calculation of the merging information between the party a and the party B can be realized by executing the information merging task, and when the merging calculation is performed, the party a and the party B can complete the difference calculation by adopting careless transmission (OT, oblivious transfer), and finally the merging information is obtained by the party a under the condition of not revealing information. Namely, the A side determines that the IP blacklist has IP3 besides the IP1 and the IP2 which are clear, so that the A side can protect against the newly obtained IP3 and avoid the IP address from attacking the network service of the A side.
In conclusion, by adopting a round of key exchange protocol to convert the comparison of the privacy set into the comparison of a round of key message, the private data communication and the comparison safety are ensured, and the round of key exchange message is realized through ECC, and the safety is ensured by a public key encryption technology. The replacement protocol is used for disturbing a round of key information of the information sender, so that the mapping relation between the key information and the privacy set is destroyed, and the intersection result is not revealed. The reverse permutation protocol is used for correctly obtaining the mapping relation between the vector and the privacy set of the information sender on the premise of not revealing intersection information. Finally, the union can be obtained on the premise of not revealing any information.
In one or more embodiments of the present disclosure, when an information receiving party performs information processing by combining a receiving party key and a truncation processing policy, the information receiving party performs truncation based on encryption, thereby improving information security; in this embodiment, the information receiver is further configured to load the receiver key and the receiver information in response to an information processing request; encrypting the receiver information by using the receiver key to obtain receiver encryption information; and carrying out truncation processing on the encryption information of the receiving party according to the truncation processing strategy to obtain the first service information.
Specifically, the information processing request specifically refers to a request for combining private data triggered by an information receiver, through which the information receiver can determine which party the information sender needing to cooperate with the information receiver is, and the information combining requirement; similarly, the information sender can determine which party the information receiver to be matched is according to the request, and the information combining requirement. The receiving party encryption information specifically refers to ciphertext information obtained by encrypting the receiving party information by using a receiving party key. Based on this, the information receiver loads the receiver key and the receiver information in response to the information processing request; at the moment, the receiver key can be used for encrypting the receiver information, so that the receiver encryption information in the ciphertext state can be obtained according to the encryption result; on the basis, the interception processing strategy can be reused to intercept the encryption information of the receiver, so that the first service information is obtained according to the interception processing result; that is, the encryption information of the receiver with the first set length is truncated into the first service information with the second set length by using the truncation policy, and the statistical security parameters are fused, so as to further ensure the data security.
In conclusion, the information receiver firstly encrypts the information of the receiver and then truncates the encrypted result, so that the first service information finally sent to the information sender can be ensured not to be decrypted by the information receiver, and meanwhile, the information length is shorter, and the calculation efficiency is effectively improved.
In one or more embodiments of the present disclosure, in order to improve information security, an information sender sends the encrypted information to an information receiver, where in this embodiment, the information sender is further configured to load a sender key and sender information in response to the information processing request; and encrypting the sender information by using the sender key to obtain the sender encrypted information, and sending the sender encrypted information to the information receiver.
Specifically, the sender key refers to a key held by the information sender, and the key is a key required to be used by the information sender in a round of key exchange information. Based on this, in the privacy information merging stage, in order to improve the information security while ensuring the accuracy of privacy merging, the information sender can load the sender key and the sender information in response to the information processing request; and encrypting the sender information by using the sender key, and then sending the sender encrypted information to an information receiver after obtaining the sender encrypted information.
Along the above example, party A can determine the key b and the held IP blacklist information according to the requestAfter that, the IP blacklist is first of all treated with key b +.>Encryption is performed to obtain a key exchange message->Then the key exchange information is truncated by using a truncation strategy (comprising a truncation function (vector) and a statistical security parameter lambda), thus obtainingAnd sends it to the B-party. Meanwhile, the B party can determine the secret key a and the held IP blacklist information according to the merging requirement>After that, IP blacklist information is +.>Encryption is carried out to obtain key exchange information +.>And sends it to party a for subsequent privacy merging by party a.
In conclusion, the information transmission between the information sender and the information receiver is performed by adopting the ciphertext interaction information, so that the information security can be effectively improved, the information interaction times are fewer, the communication overhead can be effectively reduced, and more communication resources are saved.
In one or more embodiments of the present disclosure, when an information receiving party processes information by using a replacement processing policy, the information receiving party performs replacement on an information position, so as to avoid an information sending party from deducing an original state and a position of the information, where in this embodiment, the information receiving party is further configured to encrypt the sender encrypted information by using the receiving party key to obtain information to be replaced; and carrying out position replacement on the sub replacement information contained in the information to be replaced according to the replacement processing strategy to obtain the information to be truncated.
Specifically, the information to be replaced refers to ciphertext information obtained by re-encrypting the sender encryption information by using the receiver key, and the information to be truncated can be obtained after the replacement processing is performed by the replacement processing strategy. The substitution processing specifically refers to processing of performing position substitution or representing substitution on sub-information contained in the information to be substituted by using a substitution processing strategy, and the essence of the substitution is that the attribute or meaning of the information is not changed, but the substitution is performed by using other expressions of the same attribute or meaning.
Based on the above, after receiving the sender encryption information submitted by the sender, the receiver can process the ciphertext information into the same dimension for subsequent comparison, so as to determine intersection information, and meanwhile, prevent the private information held by each receiver from being revealed to the other party, and the receiver can encrypt the sender encryption information by using the receiver key to obtain the information to be replaced; and then, carrying out position replacement on sub-replacement information contained in the to-be-replaced information according to a replacement processing strategy, so that the to-be-truncated information can be obtained according to a replacement processing result, and preparation is made for calculation.
In practical application, when the position is replaced, a random generator can be generated according to a replacement processing strategy; and inputting the information to be replaced into a random generator, and performing position replacement on the sub-replacement information contained in the information to be replaced through the random generator to obtain the information to be truncated output by the random generator. The random generator specifically refers to a processor capable of adjusting the position of sub-permutation information contained in the information to be permuted, and the position permutation process is in a random state, so that the information sender can be prevented from deducing the original position of the information. Correspondingly, the sub permutation information is each piece of information contained in the information to be permutated. For example, if the information to be replaced is a user information set, the sub replacement information is the user information of each user.
That is, after obtaining the information to be permuted, the information receiver may generate a random generator according to the permutation policy; inputting information to be replaced into the random generator, carrying out position replacement on sub-replacement information contained in the information to be replaced through the random generator, and carrying out position replacement on the sub-replacement information on the basis of encryption of a secret key of a sender, so that information to be truncated output by the random generator is obtained, the information to be truncated finally sent to the information sender is ensured to be in an encryption state, the encrypted ciphertext form is matched with the first service information, and therefore the information can be compared in the same dimension in a comparison stage, and subsequent union calculation is carried out according to a comparison processing result.
Along with the above example, party A receives the transmission from party BAfter that, the above information can be encrypted again by using the key b, so that +_ can be obtained according to the encryption result>At this time, a pseudo-random generator prng may be generated based on AES according to a permutation policy (including a permutation function Permuta (prng), and the encryption result may be permuted by the pseudo-random generator prng, thereby obtaining information et=from the permutation resultAnd sends set to B side. After the subsequent comparison, the party B can be matched with the party A to finish the determination of the union information.
In summary, the information receiver performs re-encryption and replacement processing on the encryption information of the sender, so that the finally obtained information to be intercepted is identical to the ciphertext form of the first service information, and subsequent comparison is performed based on the finally obtained information to be intercepted and the ciphertext form of the first service information, so that the information receiver can be ensured to be completed in the ciphertext state, and the information security is improved.
In one or more embodiments of the present disclosure, when comparing information, sub-information in service information is compared, and then sub-information vectors are determined according to the comparison result, so as to splice initial information vectors; in this embodiment, the information sender is further configured to perform a truncation process on the information to be truncated according to the truncation policy, to obtain the second service information; comparing the first service information with the second service information, and determining a plurality of sub-information vectors according to a comparison result; and splicing the plurality of sub information vectors to obtain the initial information vector.
Specifically, the sub-information vector specifically refers to a vector expression obtained after each round of comparison of information contained in the first service information and information contained in the second service information; and splicing the plurality of sub information vectors to obtain an initial information vector.
Based on the information, after receiving the information to be truncated, the information sender can carry out truncation processing on the information to be truncated according to a truncation processing strategy, so that the information to be truncated is processed into second service information with the same length as the first service information; on the basis, vector construction can be performed through multiple rounds of comparison, namely, the first service information and the second service information are compared, and a plurality of sub-information vectors are determined according to the comparison result; and finally, splicing the sub information vectors to obtain an initial information vector.
In one or more embodiments of the present disclosure, the determination of the sub-information vector specifically refers to: the information sender is further configured to read the ith sub-service information from the second service information according to the comparison result, and detect whether the ith sub-service information belongs to the first service information; if yes, determining a first sub-information vector corresponding to the ith sub-service information, i increasing by 1, and executing the step of reading the ith sub-service information from the second service information; if not, determining a second sub-information vector corresponding to the ith sub-service information, i is increased by 1, and executing the step of reading the ith sub-service information from the second service information; taking all the first sub-information vectors and all the second sub-information vectors as the plurality of sub-information vectors until i is increased to n; wherein i is a positive integer from 1, and n is the number of sub-service information contained in the second service information.
Specifically, the ith sub-service information is any one of the sub-service information determined in the second service information according to the comparison result, and the information sender compares the service information, so that the sub-service information in the second service information is determined, and then whether the first service information belongs to the first service information in the ciphertext state is detected, so that the detection accuracy can be ensured. Correspondingly, the first sub-information vector specifically refers to a vector element, such as 0, given to the ith sub-service information if the first sub-information vector is the same; the second sub-information vector drumstick refers to a vector element, such as 1, which is assigned to the ith sub-service information if not.
Based on the above, after comparing the first service information and the second service information, the information sender can read the ith sub-service information from the second service information according to the comparison result and detect whether the ith sub-service information belongs to the first service information in order to support the subsequent calculation of the union information matched with the information receiver; if yes, the first service information contains the ith sub-service information, so that the first sub-information vector can be used as a sub-information vector corresponding to the ith sub-service information; thereafter, i is incremented by 1, and the step of reading the i-th sub-service information in the second service information is continued. If not, the first service information does not contain the ith sub-service information, so the second sub-information vector can be used as the second sub-information vector corresponding to the ith sub-service information under the current condition, and then i is increased by 1, and the step of reading the ith sub-service information in the second service information is continuously executed.
Until i is increased to n, indicating that all sub-service information in the second service information is detected, then all first sub-information vectors and all second sub-information vectors can be used as a plurality of sub-information vectors; wherein i is a positive integer from 1, and n is the number of sub-service information contained in the second service information. And then, splicing all the obtained first sub-information vectors and all the second sub-information vectors to obtain the initial information vector.
Along the above example, when the B side receivesAnd set, set can be treated as +.>After which by comparison->Andcan detect according to the comparison result(wherein i is the information currently detected, i is a value from 1, i is a positive integer), and if the information belongs to e corresponding to the current i information i Taking 0, otherwise taking 1 until i is increased to n, and obtaining all e i Spliced into a vector e and sent to the A party. So that the A party can complete the union calculation according to the vector e and the B party.
In summary, by determining a plurality of sub information vectors in a manner of comparing and detecting the information one by one and splicing the initial information vectors, it is ensured that the initial information vectors can fully embody the information comparison condition between the information receiver and the information sender, and the union calculation is performed based on the initial information vectors, so that the calculation accuracy and efficiency can be improved.
In one or more embodiments of the present disclosure, when an information receiving party and an information sending party perform an information merging task, the information in a set is traversed on the basis of obtaining an initial information set, so that union information is determined according to a traversing result, and in this embodiment, the information receiving party is further configured to construct the information merging task according to a preset careless transmission protocol and the target information vector; executing the information merging task in an interaction mode with the information sender, and obtaining an initial information set according to a task execution result; traversing the initial information set to obtain the union information between the information receiver and the information sender; and the information merging task is in an execution state, the information receiving party inputs a target information vector, and the information transmitting party inputs sub-service information.
In particular, the inadvertent transmission protocol refers to the OT (oblivious transfer) protocol, which can realize that when party a owns the secret Sa and party B owns the secret Sb, party a and party B want to exchange secrets, and can realize that both parties are likely to obtain the secret and the secret owner does not know whether the other party obtains the secret. Correspondingly, the initial information set specifically refers to a difference set obtained by an information receiver after performing information merging tasks, and is used for completing the information calculation of the union set according to the difference set.
Based on the information, the information receiver can construct an information merging task according to a preset careless transmission protocol and a target information vector; executing information merging tasks in an interaction mode with an information sender, and obtaining an initial information set according to a task execution result; on the basis, the union information between the information receiver and the information sender can be obtained according to the traversing result by traversing the initial information set; in addition, in the task execution process, the information receiver inputs the target information vector, and the information sender inputs the sub-service information, so that the accuracy and the efficiency of the union calculation are realized.
In one or more embodiments of the present disclosure, the determination of union information specifically refers to: the information receiver is further configured to select a j-th initial information from the initial information set, and determine a third sub-information vector corresponding to the j-th initial information from the target information vectors; detecting whether the third sub information vector is a preset information vector; if yes, taking the j-th initial information as sub-union information, j is increased by 1, and executing the step of selecting the j-th initial information from the initial information set; if not, j increases by 1, and executing the step of selecting the j-th initial information in the initial information set; generating the union information between the information receiver and the information sender based on all sub-union information until j is self-increased to m; wherein j is a positive integer from 1, and m is the number of initial information contained in the initial information set.
Specifically, the jth initial information specifically refers to any difference set information selected from the initial information set; correspondingly, the third sub-information vector specifically refers to a vector expression corresponding to the j-th initial information; correspondingly, the preset information vector specifically refers to a vector expression set according to the requirement of the union, for example, may be 1; accordingly, the sub-union information specifically refers to elements constituting the union information.
Based on the information, after obtaining the initial information set, the information receiver can select the j-th initial information from the initial information set, and determine a third sub-information vector corresponding to the j-th initial information from the target information vectors; at this time, whether the third sub information vector is a preset information vector or not may be detected; if yes, j initial information can be used as sub-union information, j is increased by 1, and the step of selecting the j initial information from the initial information set is continuously executed; if not, j is directly increased by 1, and the step of selecting the j-th initial information in the initial information set is continuously executed.
Until j increases to m, indicating that all initial information in the initial information set is detected, so that the union information between the information receiver and the information sender can be generated based on all sub-union information; wherein j is a positive integer from 1, and m is the number of initial information contained in the initial information set.
Along the above example, after receiving the vector e, the a side can firstly convert the vector e into a vector e' by using an inverse permutation processing strategy (including an inverse permutation function inprmuta (prng, vector)), and can create an information merging task based on the vector e, and can implement the information merging task by executing the information merging taskAnd (5) calculating union information. In the process, a difference set can be obtained by executing a 2-option 1OT protocol, and a vector e' is input by an A party, and a set message pair (Y, { T }) is input by a B party; according to the protocol write-only result, the A party can obtain a set { Y/X }; and atBased on the above, the A side can finally obtain a union (Y/X) U (X); namely, the A side determines that the IP blacklist has IP3 besides the IP1 and the IP2 which are clear, so that the A side can protect against the newly obtained IP3 and avoid the IP address from attacking the network service of the A side.
In conclusion, the difference set is obtained by adopting the 2-option 1OT protocol, and finally the union set is obtained on the premise of not revealing any information. The number of 1 OT-2 needed for this protocol is smaller than other protocols in the prior art, because it is only relevant to the aggregate size of the small aggregate, while other protocols require 1 OT-2 or more time-consuming 1 OT-n of the large aggregate size, and therefore the union computation is more efficient.
The application of the privacy set union system provided in the present application in the vulnerability data aggregation scenario is taken as an example in the following with reference to fig. 3, and the privacy set union system is further described. Fig. 3 shows a process flow diagram of a privacy set union system according to an embodiment of the present application, which specifically includes the following steps:
in step S302, the information receiver loads the receiver key and the receiver information in response to the information processing request, encrypts the receiver information with the receiver key, and obtains the receiver encrypted information.
Step S304, the information receiver performs the interception processing on the encryption information of the receiver according to the interception processing strategy, obtains the first service information, and sends the first service information to the information sender.
In step S306, the information sender loads the sender key and the sender information in response to the information processing request, encrypts the sender information with the sender key, obtains sender encrypted information, and sends the sender encrypted information to the information receiver.
In step S308, the information receiver encrypts the sender encryption information by using the receiver key to obtain the information to be replaced, and performs position replacement on the sub-replacement information included in the information to be replaced according to the replacement policy to obtain the information to be truncated. And transmitting to an information sender;
In step S310, the information sender performs truncation processing on the information to be truncated according to the truncation processing policy, so as to obtain second service information.
In step S312, the information sender compares the first service information with the second service information, determines a plurality of sub-information vectors according to the comparison result, splices the plurality of sub-information vectors to obtain an initial information vector, and sends the initial information vector to the information receiver.
Specifically, the information sender reads the ith sub-service information from the second service information according to the comparison result, and detects whether the ith sub-service information belongs to the first service information; if yes, determining a first sub-information vector corresponding to the ith sub-service information, i adding 1, and executing the step of reading the ith sub-service information from the second service information; if not, determining a second sub-information vector corresponding to the ith sub-service information, i is increased by 1, and executing the step of reading the ith sub-service information from the second service information; the first sub information vector and the second sub information vector are taken as a plurality of sub information vectors until i is increased to n; wherein i is a positive integer from 1, and n is the number of sub-service information contained in the second service information.
In step S314, the information receiver converts the initial information vector into the target information vector using the inverse permutation policy.
Step S316, the information receiver constructs an information merging task according to a preset careless transmission protocol and a target information vector, performs the information merging task in an interactive mode with the information sender, and obtains an initial information set according to a task execution result.
Step S318, the information receiver obtains union information between the information receiver and the information sender by traversing the initial information set; in the execution state, the information merging task inputs the target information vector by the information receiver and inputs the sub-service information by the information sender.
Specifically, the information receiver selects the j-th initial information from the initial information set, and determines a third sub-information vector corresponding to the j-th initial information from the target information vectors; detecting whether the third sub information vector is a preset information vector; if yes, taking the j-th initial information as sub-union information, j is increased by 1, and executing the step of selecting the j-th initial information from the initial information set; if not, j increases 1, and executing the step of selecting the j-th initial information in the initial information set; generating union information between the information receiver and the information sender based on all sub-union information until j is increased to m; wherein j is a positive integer from 1, and m is the number of initial information contained in the initial information set.
In summary, in order to improve the efficiency of information determination by combining the information receiver and the information sender and reduce the computational complexity and overhead, the information receiver and the information sender may be configured with a truncation processing policy, a permutation processing policy, and an inverse permutation processing policy in advance. When an information receiver needs to request an information sender to cooperate to perform information merging, the information receiver can firstly process the information of the receiver into first service information by utilizing a receiver key and a truncation processing strategy and send the first service information to the information sender; simultaneously receiving sender encryption information submitted by an information sender, processing the sender encryption information into information to be truncated by utilizing a receiver key and a replacement processing strategy, and sending the information to the information sender; the first service information and the information to be truncated are processed into the same ciphertext, so that the information sender can process more conveniently. After receiving the information, the information sender can process the information to be truncated into second service information by using a truncation processing strategy; the first service information and the second service information can be aligned, and then the first service information and the second service information are compared, so that an initial information vector can be obtained and sent to an information receiver. Finally, the information receiver can utilize the reverse replacement processing strategy to convert the initial information vector into a target information vector; and creating an information merging task according to the target information vector, and executing the information merging task in an interaction mode with the information sender, so that the information receiver can determine the merging information between the information receiver and the information sender according to the need. When the information receiver and the information sender perform merging processing, the calculation complexity can be effectively reduced, and the calculation cost is reduced, so that the merging of the data is completed in a ciphertext state, and the information receiver can perform subsequent service processing more conveniently.
Corresponding to the above system embodiment, the present application further provides a privacy set union method embodiment, and fig. 4 shows a flowchart of a privacy set union method provided in an embodiment of the present application. As shown in fig. 4, the method is applied to a privacy set union system, the privacy set union system includes an information receiver and an information sender, wherein the information receiver and the information sender are configured with a truncation processing policy, a replacement processing policy and an inverse replacement processing policy, and the method includes:
step S402, the information receiver processes the receiver information into first service information by utilizing a receiver key and the interception processing strategy, and sends the first service information to the information sender, and processes the sender encryption information into information to be intercepted by utilizing the receiver key and the replacement processing strategy under the condition that sender encryption information submitted by the information sender is received;
step S404, the information sender processes the information to be truncated into second service information by using the truncation processing strategy, and compares the first service information with the second service information to obtain an initial information vector;
In step S406, the information receiver converts the initial information vector into a target information vector by using the inverse permutation policy, creates an information merging task according to the target information vector, and executes the information merging task by adopting a mode of interacting with the information sender to obtain the union information between the information receiver and the information sender.
In an alternative embodiment, the information receiver loads the receiver key and the receiver information in response to an information processing request; encrypting the receiver information by using the receiver key to obtain receiver encryption information; and carrying out truncation processing on the encryption information of the receiving party according to the truncation processing strategy to obtain the first service information.
In an alternative embodiment, the information sender is further configured to load a sender key and sender information in response to the information processing request; and encrypting the sender information by using the sender key to obtain the sender encrypted information, and sending the sender encrypted information to the information receiver.
In an optional embodiment, the information receiver encrypts the sender encryption information by using the receiver key to obtain information to be replaced; and carrying out position replacement on the sub replacement information contained in the information to be replaced according to the replacement processing strategy to obtain the information to be truncated.
In an optional embodiment, the information sender performs truncation processing on the information to be truncated according to the truncation processing policy to obtain the second service information; comparing the first service information with the second service information, and determining a plurality of sub-information vectors according to a comparison result; and splicing the plurality of sub information vectors to obtain the initial information vector.
In an optional embodiment, the information sender reads the ith sub-service information from the second service information according to the comparison result, and detects whether the ith sub-service information belongs to the first service information; if yes, determining a first sub-information vector corresponding to the ith sub-service information, i increasing by 1, and executing the step of reading the ith sub-service information from the second service information; if not, determining a second sub-information vector corresponding to the ith sub-service information, i is increased by 1, and executing the step of reading the ith sub-service information from the second service information; taking all the first sub-information vectors and all the second sub-information vectors as the plurality of sub-information vectors until i is increased to n; wherein i is a positive integer from 1, and n is the number of sub-service information contained in the second service information.
In an optional embodiment, the information receiver constructs the information merging task according to a preset careless transmission protocol and the target information vector; executing the information merging task in an interaction mode with the information sender, and obtaining an initial information set according to a task execution result; traversing the initial information set to obtain the union information between the information receiver and the information sender; and the information merging task is in an execution state, the information receiving party inputs a target information vector, and the information transmitting party inputs sub-service information.
In an optional embodiment, the information receiver selects a j-th initial information from the initial information set, and determines a third sub-information vector corresponding to the j-th initial information from the target information vectors; detecting whether the third sub information vector is a preset information vector; if yes, taking the j-th initial information as sub-union information, j is increased by 1, and executing the step of selecting the j-th initial information from the initial information set; if not, j increases by 1, and executing the step of selecting the j-th initial information in the initial information set; generating the union information between the information receiver and the information sender based on all sub-union information until j is self-increased to m; wherein j is a positive integer from 1, and m is the number of initial information contained in the initial information set.
In the privacy set union method provided by the embodiment, in order to improve the efficiency of union information determination between the information receiver and the information sender and reduce the computational complexity and the cost, a truncation processing strategy, a replacement processing strategy and an inverse replacement processing strategy can be configured in advance in the information receiver and the information sender. When an information receiver needs to request an information sender to cooperate to perform information merging, the information receiver can firstly process the information of the receiver into first service information by utilizing a receiver key and a truncation processing strategy and send the first service information to the information sender; simultaneously receiving sender encryption information submitted by an information sender, processing the sender encryption information into information to be truncated by utilizing a receiver key and a replacement processing strategy, and sending the information to the information sender; the first service information and the information to be truncated are processed into the same ciphertext, so that the information sender can process more conveniently. After receiving the information, the information sender can process the information to be truncated into second service information by using a truncation processing strategy; the first service information and the second service information can be aligned, and then the first service information and the second service information are compared, so that an initial information vector can be obtained and sent to an information receiver. Finally, the information receiver can utilize the reverse replacement processing strategy to convert the initial information vector into a target information vector; and creating an information merging task according to the target information vector, and executing the information merging task in an interaction mode with the information sender, so that the information receiver can determine the merging information between the information receiver and the information sender according to the need. When the information receiver and the information sender perform merging processing, the calculation complexity can be effectively reduced, and the calculation cost is reduced, so that the merging of the data is completed in a ciphertext state, and the information receiver can perform subsequent service processing more conveniently.
The above is an exemplary scheme of a method for merging privacy sets according to this embodiment. It should be noted that, the technical solution of the privacy set union method and the technical solution of the privacy set union system belong to the same concept, and details of the technical solution of the privacy set union method which are not described in detail can be referred to the description of the technical solution of the privacy set union system.
Fig. 5 illustrates a block diagram of a computing device 500, provided in accordance with an embodiment of the present application. The components of the computing device 500 include, but are not limited to, a memory 510 and a processor 520. Processor 520 is coupled to memory 510 via bus 530 and database 550 is used to hold data.
Computing device 500 also includes access device 540, access device 540 enabling computing device 500 to communicate via one or more networks 560. Examples of such networks include public switched telephone networks (PSTN, public Switched Telephone Network), local area networks (LAN, local Area Network), wide area networks (WAN, wide Area Network), personal area networks (PAN, personal Area Network), or combinations of communication networks such as the internet. The access device 540 may include one or more of any type of network interface, wired or wireless (e.g., network interface card (NIC, network interface controller)), such as an IEEE802.11 wireless local area network (WLAN, wireless Local Area Network) wireless interface, a worldwide interoperability for microwave access (Wi-MAX, worldwide Interoperability for Microwave Access) interface, an ethernet interface, a universal serial bus (USB, universal Serial Bus) interface, a cellular network interface, a bluetooth interface, a near field communication (NFC, near Field Communication) interface, and so forth.
In one embodiment of the present application, the above-described components of computing device 500, as well as other components not shown in FIG. 5, may also be connected to each other, such as by a bus. It should be understood that the block diagram of the computing device illustrated in FIG. 5 is for exemplary purposes only and is not intended to limit the scope of the present application. Those skilled in the art may add or replace other components as desired.
Computing device 500 may be any type of stationary or mobile computing device, including a mobile computer or mobile computing device (e.g., tablet, personal digital assistant, laptop, notebook, netbook, etc.), mobile phone (e.g., smart phone), wearable computing device (e.g., smart watch, smart glasses, etc.), or other type of mobile device, or a stationary computing device such as a desktop computer or personal computer (PC, personal Computer). Computing device 500 may also be a mobile or stationary server.
Wherein the processor 520 is configured to execute computer-executable instructions of the privacy set union method.
The foregoing is a schematic illustration of a computing device of this embodiment. It should be noted that, the technical solution of the computing device and the technical solution of the above-mentioned privacy set union method belong to the same concept, and details of the technical solution of the computing device, which are not described in detail, can be referred to the description of the technical solution of the above-mentioned privacy set union method.
An embodiment of the present application also provides a computer-readable storage medium storing computer instructions that, when executed by a processor, are configured for a privacy set union method.
The above is an exemplary version of a computer-readable storage medium of the present embodiment. It should be noted that, the technical solution of the storage medium and the technical solution of the above-mentioned privacy set union method belong to the same concept, and details of the technical solution of the storage medium which are not described in detail can be referred to the description of the technical solution of the above-mentioned privacy set union method.
The computer instructions include computer program code that may be in source code form, object code form, executable file or some intermediate form, etc. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth. It should be noted that the content of the computer readable medium can be increased or decreased appropriately according to the requirements of the patent practice, for example, in some areas, according to the patent practice, the computer readable medium does not include an electric carrier signal and a telecommunication signal.
It should be noted that, for the sake of simplicity of description, the foregoing method embodiments are all expressed as a series of combinations of actions, but it should be understood by those skilled in the art that the present application is not limited by the order of actions described, as some steps may be performed in other order or simultaneously in accordance with the present application. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily all necessary for the present application.
In the foregoing embodiments, the descriptions of the embodiments are emphasized, and for parts of one embodiment that are not described in detail, reference may be made to the related descriptions of other embodiments.
The above-disclosed preferred embodiments of the present application are provided only as an aid to the elucidation of the present application. Alternative embodiments are not intended to be exhaustive or to limit the invention to the precise form disclosed. Obviously, many modifications and variations are possible in light of the teaching of this application. The embodiments were chosen and described in order to best explain the principles of the invention and the practical application, to thereby enable others skilled in the art to best understand and utilize the invention. This application is to be limited only by the claims and the full scope and equivalents thereof.

Claims (9)

1. The privacy set union system is characterized by comprising an information receiver and an information sender, wherein the information receiver and the information sender are configured with a truncation processing strategy, a replacement processing strategy and an inverse replacement processing strategy, and the privacy set union system comprises:
the information receiver is used for loading a receiver key and receiver information in response to the information processing request; encrypting the receiver information by using the receiver key to obtain receiver encryption information; performing truncation processing on the encryption information of the receiving party according to the truncation processing strategy to obtain first service information, and sending the first service information to the information sending party; under the condition that sender encryption information submitted by the information sender is received, encrypting the sender encryption information by utilizing the receiver key to obtain information to be replaced; performing position replacement on sub-replacement information contained in the information to be replaced according to the replacement processing strategy to obtain information to be truncated, and sending the information to the information sender;
the information sender is used for processing the information to be truncated into second service information by utilizing the truncation processing strategy; comparing the first service information with the second service information to obtain an initial information vector and sending the initial information vector to the information receiver;
The information receiver is further configured to convert the initial information vector into a target information vector by using the inverse permutation policy; and creating an information merging task according to the target information vector, and executing the information merging task in an interaction mode with the information sender to obtain the union information between the information receiver and the information sender.
2. The system of claim 1, wherein the information sender is further configured to load a sender key and sender information in response to the information processing request; and encrypting the sender information by using the sender key to obtain the sender encrypted information, and sending the sender encrypted information to the information receiver.
3. The system of claim 1, wherein the information sender is further configured to perform truncation processing on the information to be truncated according to the truncation processing policy, to obtain the second service information; comparing the first service information with the second service information, and determining a plurality of sub-information vectors according to a comparison result; and splicing the plurality of sub information vectors to obtain the initial information vector.
4. The system of claim 3, wherein the information sender is further configured to read an i-th sub-service information from the second service information according to the comparison result, and detect whether the i-th sub-service information belongs to the first service information; if yes, determining a first sub-information vector corresponding to the ith sub-service information, i increasing by 1, and executing the step of reading the ith sub-service information from the second service information; if not, determining a second sub-information vector corresponding to the ith sub-service information, i is increased by 1, and executing the step of reading the ith sub-service information from the second service information; taking all the first sub-information vectors and all the second sub-information vectors as the plurality of sub-information vectors until i is increased to n; wherein i is a positive integer from 1, and n is the number of sub-service information contained in the second service information.
5. The system of claim 1, wherein the information receiver is further configured to construct the information merging task according to a preset careless transmission protocol and the target information vector; executing the information merging task in an interaction mode with the information sender, and obtaining an initial information set according to a task execution result; traversing the initial information set to obtain the union information between the information receiver and the information sender; and the information merging task is in an execution state, the information receiving party inputs a target information vector, and the information transmitting party inputs sub-service information.
6. The system of claim 5, wherein the information receiver is further configured to select a j-th initial information from the initial information set, and determine a third sub-information vector corresponding to the j-th initial information from the target information vectors; detecting whether the third sub information vector is a preset information vector; if yes, taking the j-th initial information as sub-union information, j is increased by 1, and executing the step of selecting the j-th initial information from the initial information set; if not, j increases by 1, and executing the step of selecting the j-th initial information in the initial information set; generating the union information between the information receiver and the information sender based on all sub-union information until j is self-increased to m; wherein j is a positive integer from 1, and m is the number of initial information contained in the initial information set.
7. The privacy set union calculating method is characterized by being applied to a privacy set union calculating system, wherein the privacy set union calculating system comprises an information receiver and an information sender, and the information receiver and the information sender are configured with a truncation processing strategy, a replacement processing strategy and an inverse replacement processing strategy, and the method comprises the following steps:
The information receiver responds to the information processing request to load a receiver key and receiver information; encrypting the receiver information by using the receiver key to obtain receiver encryption information; the encryption information of the receiving party is truncated according to the truncation strategy to obtain first service information, the first service information is sent to the information sending party, and under the condition that the encryption information of the sending party submitted by the information sending party is received, the encryption information of the sending party is encrypted by utilizing the encryption key of the receiving party to obtain information to be replaced; performing position replacement on sub-replacement information contained in the information to be replaced according to the replacement processing strategy to obtain information to be truncated;
the information sender processes the information to be truncated into second service information by utilizing the truncation processing strategy, and compares the first service information with the second service information to obtain an initial information vector;
the information receiver converts the initial information vector into a target information vector by using the reverse substitution processing strategy, creates an information merging task according to the target information vector, and executes the information merging task in an interaction mode with the information sender to obtain the union information between the information receiver and the information sender.
8. A computing device, comprising:
a memory and a processor;
the memory is for storing computer-executable instructions for executing the steps of the method of claim 7.
9. A computer readable storage medium storing computer instructions which, when executed by a processor, implement the steps of the method of claim 7.
CN202311504898.1A 2023-11-13 2023-11-13 Privacy set union system and method Active CN117240620B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311504898.1A CN117240620B (en) 2023-11-13 2023-11-13 Privacy set union system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311504898.1A CN117240620B (en) 2023-11-13 2023-11-13 Privacy set union system and method

Publications (2)

Publication Number Publication Date
CN117240620A CN117240620A (en) 2023-12-15
CN117240620B true CN117240620B (en) 2024-02-06

Family

ID=89082906

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311504898.1A Active CN117240620B (en) 2023-11-13 2023-11-13 Privacy set union system and method

Country Status (1)

Country Link
CN (1) CN117240620B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1292185A (en) * 1998-01-19 2001-04-18 特伦斯·E·萨姆纳 Method and apparatus for conveying private message to selected members
WO2021225630A1 (en) * 2020-05-05 2021-11-11 Google Llc Encrypted search over encrypted data with reduced volume leakage
CN115426111A (en) * 2022-06-13 2022-12-02 中国第一汽车股份有限公司 Data encryption method and device, electronic equipment and storage medium
CN115766190A (en) * 2022-11-10 2023-03-07 北京海泰方圆科技股份有限公司 Random set element encryption method, random set element decryption method and electronic equipment
CN115935438A (en) * 2023-02-03 2023-04-07 杭州金智塔科技有限公司 Data privacy intersection system and method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100017870A1 (en) * 2008-07-18 2010-01-21 Agnik, Llc Multi-agent, distributed, privacy-preserving data management and data mining techniques to detect cross-domain network attacks
US10210266B2 (en) * 2016-05-25 2019-02-19 Microsoft Technology Licensing, Llc Database query processing on encrypted data

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1292185A (en) * 1998-01-19 2001-04-18 特伦斯·E·萨姆纳 Method and apparatus for conveying private message to selected members
WO2021225630A1 (en) * 2020-05-05 2021-11-11 Google Llc Encrypted search over encrypted data with reduced volume leakage
CN115426111A (en) * 2022-06-13 2022-12-02 中国第一汽车股份有限公司 Data encryption method and device, electronic equipment and storage medium
CN115766190A (en) * 2022-11-10 2023-03-07 北京海泰方圆科技股份有限公司 Random set element encryption method, random set element decryption method and electronic equipment
CN115935438A (en) * 2023-02-03 2023-04-07 杭州金智塔科技有限公司 Data privacy intersection system and method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
垂直划分多决策表下基于条件信息熵的隐私保护属性约简;叶明全;胡学钢;伍长荣;;山东大学学报(理学版)(09);全文 *

Also Published As

Publication number Publication date
CN117240620A (en) 2023-12-15

Similar Documents

Publication Publication Date Title
Mahalle et al. Threshold cryptography-based group authentication (TCGA) scheme for the Internet of Things (IoT)
JP3816337B2 (en) Security methods for transmission in telecommunications networks
WO2018000317A1 (en) Secure data processing
De Cristofaro et al. Reclaiming privacy for smartphone applications
EP2409453B1 (en) A method for secure communication in a network, a communication device, a network and a computer program therefor
Huang et al. Secure two-party distance computation protocol based on privacy homomorphism and scalar product in wireless sensor networks
Hassan et al. An efficient outsourced privacy preserving machine learning scheme with public verifiability
KR20210139344A (en) Methods and devices for performing data-driven activities
CN115051791B (en) Efficient three-party privacy set intersection method and system based on key agreement
CN116506124B (en) Multiparty privacy exchange system and method
CN115935438B (en) Data privacy exchange system and method
Job et al. A modified secure version of the Telegram protocol (MTProto)
CN109995739A (en) A kind of information transferring method, client, server and storage medium
CN114119021A (en) Image file security multi-party calculation method and system
US10530581B2 (en) Authenticated broadcast encryption
CN114944935A (en) Multi-party fusion computing system, multi-party fusion computing method and readable storage medium
CN116502732B (en) Federal learning method and system based on trusted execution environment
Daddala et al. Design and implementation of a customized encryption algorithm for authentication and secure communication between devices
CN117240620B (en) Privacy set union system and method
CN112217862A (en) Data communication method, device, terminal equipment and storage medium
Li et al. An efficient privacy-preserving bidirectional friends matching scheme in mobile social networks
CN113806795B (en) Two-party privacy set union calculation method and device
CN114944936A (en) Privacy routing server, encryption protocol conversion method and machine readable storage medium
WO2022185328A1 (en) System and method for identity-based key agreement for secure communication
Shin et al. A verifier-based password-authenticated key exchange using tamper-proof hardware

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant