CN117454431B - Verifiable data privacy protection system and method for computing service outsourcing - Google Patents
Verifiable data privacy protection system and method for computing service outsourcing Download PDFInfo
- Publication number
- CN117454431B CN117454431B CN202311642352.2A CN202311642352A CN117454431B CN 117454431 B CN117454431 B CN 117454431B CN 202311642352 A CN202311642352 A CN 202311642352A CN 117454431 B CN117454431 B CN 117454431B
- Authority
- CN
- China
- Prior art keywords
- calculation
- share
- server
- data
- multiplication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 113
- 238000012946 outsourcing Methods 0.000 title claims abstract description 15
- 238000004364 calculation method Methods 0.000 claims abstract description 166
- 238000012795 verification Methods 0.000 claims abstract description 103
- 230000008569 process Effects 0.000 claims abstract description 80
- 238000010801 machine learning Methods 0.000 claims abstract description 73
- 239000000654 additive Substances 0.000 claims description 9
- 230000000996 additive effect Effects 0.000 claims description 9
- 230000003993 interaction Effects 0.000 claims description 7
- 238000012360 testing method Methods 0.000 claims description 5
- 238000011156 evaluation Methods 0.000 claims description 3
- 238000005516 engineering process Methods 0.000 description 13
- 238000006243 chemical reaction Methods 0.000 description 12
- 238000004891 communication Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000003745 diagnosis Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000007667 floating Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000003252 repetitive effect Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N20/00—Machine learning
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N5/00—Computing arrangements using knowledge-based models
- G06N5/04—Inference or reasoning models
Abstract
The invention discloses a verifiable data privacy protection system and a method for outsourcing a computing service, wherein a verification client and two proving servers perform initialization operation; both certification servers send private data commitments to the verification client; after the verification client receives the private data promise, respectively transmitting the data share required by machine learning reasoning to two proving servers; the verification client receives the calculation result share and the calculation process evidence fed back by the two proving servers; the calculated result share is obtained by performing machine learning reasoning service by two proving servers according to the acquired data share; the calculation process certification is generated by two certification servers for the calculation process in a zero knowledge certification mode; and the verification client verifies the calculation process according to the obtained calculation process evidence, and if the calculation process is verified to be correct, secret reconstruction is carried out according to the calculation result share, so that a final machine learning reasoning result is obtained.
Description
Technical Field
The invention relates to the technical field of computing service outsourcing, in particular to a verifiable data privacy protection system and method for computing service outsourcing.
Background
The statements in this section merely relate to the background of the present disclosure and may not necessarily constitute prior art.
In recent years, the rapid development of machine learning related techniques provides a strong impetus for the social development. Machine learning techniques can be used to replace a significant amount of "repetitive" labor and to improve the efficiency of the associated process. The convenience technologies of intelligent driving, voice assistants and the like are also fully developed due to the progress of machine learning technologies. Machine learning will play an increasingly important role in various areas of society in the foreseeable future. In contrast, however, the demands for data and computational effort for machine learning are becoming greater, such as ChatGPT, which is popular in recent years, and the large AI supercomputers consisting of tens of thousands of a100 GPUs provide great computational effort, and the computational effort required to train models in the future is still increasing. Such huge amounts of calculation force are completely affordable to small companies and individual users, but accurate results cannot be obtained with lower calculation force, which is unacceptable in fields with higher requirements for model accuracy, such as medical diagnosis, intelligent driving, etc.
The client with limited computing resources can delegate data to the server, then a user can outsource computing tasks to the server, after the server receives a computing request, the computing is carried out on the data uploaded by the client, and a computing result is returned to the user.
Outsourcing computing tasks typically involve large amounts of private data, and because the server may misuse the user data, uploading the user data directly to the server may raise privacy concerns, and in addition, outsourcing computing may raise security concerns if the server returns an erroneous result of the computation.
Disclosure of Invention
In order to solve the possible data privacy protection and verifiable calculation problems in outsourcing machine learning, the invention provides a verifiable data privacy protection system and a verifiable data privacy protection method for outsourcing of a calculation service, which can provide protection of data privacy, verify a calculation result and ensure the security of outsourcing calculation.
In one aspect, a verifiable data privacy protection system for computing service outsourcing is provided, comprising: the method comprises the steps of verifying a client, a first proving server and a second proving server;
the verification client, the first proving server and the second proving server perform initialization operation;
the verification client sends the data share required by machine learning reasoning to the first proving server and the second proving server respectively;
the verification client receives the calculation result share and the calculation process evidence fed back by the first proving server and the second proving server; the calculated result share is obtained by performing machine learning reasoning service by the first proving server and the second proving server according to the obtained data share; the calculation process certification is generated by a first certification server and a second certification server for the calculation process in a zero knowledge certification mode;
and the verification client verifies the calculation process according to the obtained calculation process evidence, and if the calculation process is verified to be correct, secret reconstruction is carried out according to the calculation result share, so that a final machine learning reasoning result is obtained.
In another aspect, a verifiable data privacy protection method for computing service outsourcing is provided, comprising:
the verification client, the first proving server and the second proving server perform initialization operation;
the verification client sends the data share required by machine learning reasoning to the first proving server and the second proving server respectively;
the verification client receives the calculation result share and the calculation process evidence fed back by the first proving server and the second proving server; the calculated result share is obtained by performing machine learning reasoning service by the first proving server and the second proving server according to the obtained data share; the calculation process certification is generated by a first certification server and a second certification server for the calculation process in a zero knowledge certification mode;
and the verification client verifies the calculation process according to the obtained calculation process evidence, and if the calculation process is verified to be correct, secret reconstruction is carried out according to the calculation result share, so that a final machine learning reasoning result is obtained.
The technical scheme has the following advantages or beneficial effects:
the invention discloses an outsourcing calculation method capable of guaranteeing user data privacy and allowing verification, which is safe, reliable and efficient.
Based on the addition secret sharing technology and the zero knowledge proving technology, a verifiable privacy protection machine learning reasoning scheme is constructed. And verifying the correctness of calculation by a zero knowledge proof technology, and then ensuring the data privacy of the verification client by an addition secret sharing technology.
The zero knowledge proof technology adopts a zero knowledge proof scheme based on VOLE. Compared with other schemes, the method greatly reduces the memory overhead required in the proving process, so that the method is more suitable for verifying the calculation correctness of complex calculation tasks such as machine learning and the like.
For the mutual conversion of the zero knowledge proof protocol and the addition secret sharing protocol under the Boolean circuit and the arithmetic circuit, the scheme respectively completes the corresponding conversion by applying the edaBits scheme and the ABY scheme, so that the whole system can be applied to machine learning reasoning tasks.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention.
FIG. 1 is a schematic overall technical path of a scheme of a first embodiment;
FIG. 2 is a schematic overall frame diagram of the first embodiment;
fig. 3 is a flow chart of a scheme of the first embodiment.
Detailed Description
It should be noted that the following detailed description is exemplary and is intended to provide further explanation of the invention. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
Description of the terminology:
zero knowledge proof technique: zero knowledge proof, as a cryptographic primitive, was first proposed by Goldwasser et al in 1985, by which the proof server can prove the validity of a statement without revealing any other information to the verification client. Which has three basic characteristics, namely,
completeness: if the proving server and the verifying client execute the protocol honest and the proving server has valid evidence, the verifying client always accepts the statement.
Reliability: the malicious proof server cannot be deceived to verify the correctness of the statement believes by the client.
Zero knowledge: it is possible to prevent the malicious authentication client from knowing other information than the statement correctness.
In recent years, zero-knowledge proof technology has been rapidly developed, and both the computational complexity and the communication complexity are greatly reduced, and the zero-knowledge proof technology has been applied to the fields of blockchain, distributed computing and the like to verify the integrity of the computing. In recent years, zero-knowledge proof protocols based on VOLE have emerged, which have lower memory overhead and linear time computation overhead than other zero-knowledge proof schemes, making them more suitable for complex computation tasks than other zero-knowledge proof schemes.
Addition secret sharing protocol: the secret sharing protocol is used as a privacy computing technology in a multiparty scene, and can ensure that the privacy data is not known by any party in the computing process by splitting the privacy data into a plurality of parts and distributing the parts to a plurality of participants, and only the number of people reaching the scheme designation can reconstruct the privacy data. It can be divided into two phases:
in the secret distribution phase, the data owner splits the private data m into n shares (m 1 ,…,m n ) And distributing the data to n non-collusion computing parties, wherein the computing parties complete corresponding computing operations through interaction among the computing parties.
In the secret reconstruction stage, the calculator calculates the result r i And sending the data to a data owner, and reconstructing the data by the data owner to obtain a final calculation result r. The additive secret sharing scheme, which is one of the secret sharing techniques, may be referred to as an (n, n) -gated secret sharing protocol.
Example 1
The embodiment provides a verifiable data privacy protection system outsourced by a computing service;
as shown in fig. 1,2 and 3, a verifiable data privacy protection system outsourced to a computing service, comprising: the method comprises the steps of verifying a client, a first proving server and a second proving server;
the verification client, the first proving server and the second proving server perform initialization operation;
the verification client sends the data share required by machine learning reasoning to the first proving server and the second proving server respectively;
the verification client receives the calculation result share and the calculation process evidence fed back by the first proving server and the second proving server; the calculated result share is obtained by performing machine learning reasoning service by the first proving server and the second proving server according to the obtained data share; the calculation process certification is generated by a first certification server and a second certification server for the calculation process in a zero knowledge certification mode;
and the verification client verifies the calculation process according to the obtained calculation process evidence, and if the calculation process is verified to be correct, secret reconstruction is carried out according to the calculation result share, so that a final machine learning reasoning result is obtained.
Further, the verifying client, the first proving server and the second proving server perform initializing operation, which specifically includes:
verification clientFirst attestation Server->And a second attestation server->Initialization operation of vector unintentional linear evaluation (Vector Oblivious Linear Evaluation, VOLE) protocol is carried out together, and during the initialization operation, the verification client v obtains global keys +_ under the arithmetic circuit and the Boolean circuit respectively>Is->Wherein the method comprises the steps ofDomain space representing arithmetic circuitry, +.>Representing the domain space of the boolean circuit;
verification clientRespectively with the first proving server->And a second attestation server->Generating a set number of random VOLE relations for the calculation of commitments and multiplication gates of input values in a subsequent zero knowledge proof protocol, each random VOLE relation being regarded as a commitment to a value r therein [ r ]]Expressed as m=k+Δ·r, where +.>Authentication client with random number r and corresponding message authentication code M>Holds a local key K and a global key delta for the random VOLE relationship.
Verification clientRespectively first proving server->And a second attestation server->Generating n multiplication triplet shares {<a i > 1 ,<b i > 1 ,<c i > 1 },{<a i > 2 ,<b i > 2 ,<c i > 2 },i∈[1,n]Meets the following requirements<c i > 1 +<c i > 2 )=(<a i > 1 +<a i > 2 )·(<b i > 1 +<b i > 2 )。
Verification clientFirstly, 2n random numbers { x }, are selected i ,y i },i∈[1,n]And calculate the multiplication value z i =x i ·y i Thereafter verify client +.>3n random numbers { are selected<a i > 1 ,<b i > 1 ,<c i > 1 },i∈[1,n]As a first attestation server->Is sent to the first attestation server +.>Thereafter, the client is authenticated +.>Calculating a second attestation server->Multiplication ternary component of (2)<a i > 2 =x i -<a i > 1 ,<b i > 2 =y i -<b i > 1 ,<c i > 2 =z i -<c i > 1 ,i∈[1,n]And send to the second attestation server +.>To this end, verify client +.>Completing the generation and distribution work of n multiplication triples;
the verification client, the first attestation server, and the second attestation server each generate a commitment to the shares of the multiplicative triplet.
Further, the verification client sends the data share required by machine learning reasoning to the first proving server and the second proving server respectively, and specifically comprises the following steps:
and the verification client generates corresponding data shares by means of secret sharing according to predicted data required in the machine learning reasoning task process, and distributes the data shares to the first proving server and the second proving server.
Further, after the data shares required by the machine learning reasoning are respectively sent to the first proving server and the second proving server, the method further comprises:
the first and second attestation servers receive the distributed data shares, and the first attestation server, the second attestation server, and the verification client together use a zero knowledge attestation protocol to generate commitments to the data shares.
Further, the first proving server, the second proving server and the verification client use a zero knowledge proving protocol together to generate promise for the data share, and the method specifically comprises the following steps:
hypothesis verification clientThe input data of (2) is { d } i },i∈[1,n]Verifying client->First n random values { r i },i∈[1,n]Then verify client +.>Subtraction s i =d i -r i 。
Verification clientWill { r i { s } i Respectively distributed as corresponding shares of input data to a first attestation serverSecond attestation Server->
The first and second attestation servers together with the verification client generate corresponding commitments to the received data shares.
In this process, since each party knows the corresponding data share, each proving server agrees with the verifying client as a message authentication code of the common commitment by committing the received data share without a common commitment of communication. Then, a common promise [ x ] is generated on the value x]In the process, the proving server directly takes alpha as the corresponding message authentication code M x And checkThe certification client only calculates the local key k x =α-Δ·x。
Further, the calculated result share is obtained by the machine learning reasoning service by the first proving server and the second proving server according to the obtained data share, and specifically includes:
(1) For linear operation in machine learning, adopting a zero knowledge proof protocol and a secret sharing protocol under an arithmetic circuit to finish calculation;
(2) For nonlinear operation in machine learning, data are expressed as Boolean values, and zero knowledge proof protocol and secret sharing protocol under a Boolean circuit are utilized for calculation;
(3) In the computation process, the edaBits scheme is used to implement the conversion operation between the boolean and arithmetic circuit lower protocols.
Further, the (1) for the linear operation in the machine learning, the calculation is completed by adopting a zero knowledge proof protocol and a secret sharing protocol under an arithmetic circuit, and specifically includes:
first attestation serverSecond attestation Server->Under an arithmetic circuit, linear operation is carried out through zero knowledge proof protocol and addition secret sharing:
firstly, supposing that the promise of the prediction data a, b for operation is [ a ], [ b ];
local key k with two commitments a ,k b A global key delta;
having a corresponding data share<a> 1 ,<b> 1 And the message authentication code corresponding to the share +.>
Having a corresponding data share<a> 2 ,<b> 2 And the message authentication code corresponding to the share +.>
The following relationships are satisfied:
and
Calculation of corresponding commitment addition [ c ]]=[a]+[b];Calculation of k c =k a +k b ;
Calculation of<c> 1 =<a> 1 +<b> 1 Is->
Calculation of<c> 2 =<a> 2 +<b> 2 Is->
Further, the (1) for the linear operation in the machine learning, the calculation is completed by adopting a zero knowledge proof protocol and a secret sharing protocol under an arithmetic circuit, and the method specifically further comprises:
for the corresponding committed multiplication operation [ c ] = [ a ] · [ b ], use is made of the multiplication triples generated in the initialization phase;
assume thatThe obtained multiplication triplet share is {<x> 1 ,<y> 1 ,<z> 1 },/>The obtained multiplication triplet share is {<x> 2 ,<y> 2 ,<z> 2 }, satisfy<z> 1 +<z> 2 =(<x> 1 +<x> 2 )·(<y> 1 +<y> 2 )。
Is->The two parties firstly calculate according to the multiplication triplet, and acquire:
<d> i =<a> i -<x> i ,<e> i =<b> i -<y> i ,i∈{1,2},
thereafterIs->Both parties are { through interaction<d> i ,<e> i And (3) obtaining:
d=<d> 1 +<d> 2 e=<e> 1 +<e> 2 。
Calculating the share of multiplication results<c> 1 =d·e+d·<y> 1 +<x> 1 ·e+<z> 1 ;
Calculating the share of multiplication results<c> 2 =d·<y> 2 +<x> 2 ·e+<z> 2 ;
Thus completing the calculation of the multiplication under the addition secret sharing protocol.
After this time, the process is completed,is->The data share to be acquired<c> 1 ,<c> 2 Commitment is made so that the three parties get the multiplication result commitment [ c ]]Satisfy->And (5) completing the calculation of the multiplication gate under the zero knowledge proof protocol.
Further, the (2) for nonlinear operation in machine learning, represents data as boolean values, and performs computation by using a zero knowledge proof protocol and a secret sharing protocol under boolean circuits, specifically includes:
for nonlinear computation in machine learning, a zero knowledge proof protocol and an additive secret sharing protocol under a boolean circuit are executed to verify the computational integrity and protect the privacy:
under boolean circuits, the data distribution phase of the additive secret sharing protocol uses exclusive or operations, which, for the private data a held by v,by choosing a random number r as the data share<a> 1 And calculate +.> Then will<a> 1 ,<a> 2 Distributed as data shares to->Completing private data distribution;
calculation of commitment exclusive-OR gate for additive secret sharing protocol All are completed locally:
NOT gate calculates c= -a, only byAnd performing inverting operation on the data share of one party:
<c> 1 =~<a> 1 ,<c> 2 =<a> 2 ;
calculation of c=a for promise and gate&b, byCorresponding triples (i.e., {<x> i ,<y> i ,<z> i I e {1,2}, satisfying z=x&y) to assist->And gate calculation is performed, namely, calculation is performed firstly:
thenPerforming interaction to obtain { d, e }, and thereafter calculating:
calculating the result share->
Calculating the result share->
Further, for the nonlinear operation in the machine learning, the step (2) of expressing the data as boolean values and calculating by using a zero knowledge proof protocol and a secret sharing protocol under the boolean circuit specifically further includes:
for zero knowledge proof agreements, the commitment types are substantially similar:
wherein, verify the customer endHolding a local key k and a global key Γ, attestation server +.>Holds data share { x } i ' corresponding message authentication code { m }, and i },i∈{1,2}。
the exclusive-or gate operates similarly to the adder gate under the arithmetic circuit for And (3) calculating:
attestation serverAnd (3) calculating:
for NOT operations [ c ]]=~[x],Local calculation +.>Attestation Server->Only the promise value x is required to be subjected to the negation operation under the secret sharing protocol.
Further, in the calculating process, the step (3) uses the edaBits scheme to implement the conversion operation between the boolean and arithmetic circuit lower protocol, and specifically includes:
for the mutual conversion between zero knowledge proving protocols, the conversion is completed through the proposed zk-edaBits protocol in the verifiable machine learning reasoning scheme Mystique;
conversion between boolean circuits and arithmetic circuits for an additive secret sharing scheme is accomplished by an existing efficient secret sharing conversion scheme ABY, wherein conversion from boolean circuits to arithmetic circuits for a secret sharing scheme can be accomplished by an inadvertent transmission (Oblivious Transfer, OT) protocol; for the secret sharing scheme, the conversion from the arithmetic circuit to the boolean circuit needs to convert the data share under the arithmetic circuit into Yao Dianlu and then from the Yao circuit into the data share under the boolean circuit.
It should be understood that for both linear and nonlinear computations in machine learning, we need to implement the conversion of zero knowledge proof protocol and secret sharing protocol between boolean circuits and arithmetic circuits so that privacy protection for verifiable machine learning reasoning tasks can be accomplished completely.
Further, the calculation process certification is generated by the first certification server and the second certification server for the calculation process in a zero knowledge certification mode, and specifically includes:
the promise scheme adopted based on zero knowledge proof has the property of homomorphism of addition, and for addition gate or exclusive-OR gate calculation, three parties do not need to communicate and only need to carry out corresponding addition promise calculation according to a circuit needing proof, so as to obtain an addition result promise.
For the calculation of the multiplication gate and the AND gate, the two proving servers firstly multiply or operate the promise value through a secret sharing protocol to generate a corresponding result value, and then promise the result value to the verification client by utilizing a pre-generated VOLE relation.
After the operation is completed, the two proving servers send the final result value to the verifying server for verification, and the proving of the whole calculation process is completed.
Further, the verification client verifies the computing process according to the obtained computing process certification, and specifically includes:
the verification of the promise of the multiplication result generated in the proving process specifically comprises the following steps:
let n prove the size of the circuit, i.e. there are n multiplier gates in the circuit, let c be the calculation on each multiplier gate i =a i ·b i ,i∈[1,n]: due toThe obtained multiplication result promises from->Acquisition of->Then the promise of the promise is verified i ]And [ a ] i ],[b i ]Satisfy relation c between i =a i ·b i ;
v computing from the local key in the corresponding commitment:
attestation serverCalculating through corresponding promise value share and corresponding message authentication code:
selecting a random value χ and sending it to +.>
Subsequently, the first and second heat exchangers are connected,and (3) calculating:
will be<U> j And<V> j send to authentication client->
Calculate->And verifies the equation w= = ("a<U> 1 +<U> 2 )+(<V> 1 +<V> 2 ) Whether delta is true or not, if so, consider that the obtained multiplication result promises to satisfy relationship c i =a i ·b i And (5) finishing the verification of the multiplication gate under the zero knowledge proof protocol.
For verification of the final calculation result, verification is performed by opening a promise mode:get by->Is->The transmitted final calculation result share<s> 1 ,<s> 2 And corresponding message authentication code->Then verify the equationWhether or not it is.
Further, the verification client verifies the computing process according to the obtained computing process certification, and specifically further comprises:
calculating c=a for and gate&b, the verification of the method specifically comprises the following steps: attestation serverObtaining the share of multiplication value through multiplication operation under the scheme of adding secret sharing<c> 1 ,<c> 2 Then add to it>Committing to generate commitment [ c ]]Finishing the proving process of the AND gate;
for batch verification of n AND gates, the equation:
the proof is made that the data of the test piece,representing the multiplication input value a i ,b i The sum of the message authentication codes of (c) is,representing the calculation between the corresponding local keys of the authentication client-> Generated by two attestation servers. In addition to ensuring coordinationSafety is proposed by randomizing the calculated values in the equation with a certain number of random VOLE.
For verification of the final result, the client is verifiedBy from->The obtained calculation result and the promise of the calculation result are verified, and thereafter->And obtaining the plaintext of the settlement result through secret reconstruction of the calculation result.
Further, the secret reconstruction is performed according to the calculated result share, and a final machine learning reasoning result is obtained, which specifically includes:
verifying client pairsThe generated proof completes verification, ensures that the calculation process is correct for the slave->The resulting final result share<s> 1 ,<s> 2 The final calculation result s, s=is obtained by addition reconstruction<s> 1 +<s> 2 。
In this scheme, three entities are included, namely, an authentication client and two certification servers.
The verification client is responsible for providing the privacy data required by machine learning reasoning as a data provider and distributing the privacy data to two proving servers through addition secret sharing, and is also responsible for providing multiplication triples for two proving parties for multiplication operations between shares.
The proving server is used as a calculating party, performs machine learning reasoning service according to the acquired data share, and generates corresponding calculating process proving for the calculating process through zero knowledge proving. After the calculation is completed, the proving server returns the result share obtained after the calculation and the calculated proving to the verifying client.
And the verification client verifies the calculation process according to the obtained calculation evidence, and if the two obtained evidence are verified to be correct, the verification client carries out secret reconstruction according to the obtained result share to obtain a final calculation result. According to the scheme, the zero knowledge proof technology is utilized to ensure the accuracy of calculation of the two proof servers, and the secret sharing technology is utilized to ensure the security of the private data of the verification client.
The privacy machine learning model held by the verification server and the precision thereof can be verified according to the zero knowledge characteristic of the zero knowledge proof. The two proving servers are assumed to hold the same model, and the two parties are guaranteed not to conduct collusion, at the moment, the proving servers can firstly conduct commitment on model parameters to the verification client by using a cryptographic commitment scheme, then the verification client can conduct testing on model precision by using test data, and if the model precision meets the requirement of the verification client, the verification client distributes privacy data through a secret sharing technology, and a machine learning reasoning process is conducted.
The specific steps of the scheme of the invention are as follows:
(1) The verification client performs initialization operation with the proving server, the verification client executes an initialization stage of a zero knowledge proving protocol under an arithmetic circuit and a Boolean circuit, and obtains a set number of multiplication triples to be distributed to the two proving servers for subsequent multiplication operation under a secret sharing protocol.
(2) And in a secret distribution stage of the addition secret sharing protocol, the verification client distributes data required for machine learning reasoning by generating a corresponding number of random numbers.
(3) After the attestation server obtains the distributed data shares, the attestation server and the verification client together use a zero knowledge attestation protocol to generate commitments to the data shares. The attestation server performs a corresponding calculation operation using the acquired data shares.
(4) For linear operation in machine learning, the calculation can be completed only by a zero knowledge proof protocol and a secret sharing protocol under an arithmetic circuit.
(5) For nonlinear operation in machine learning, operations such as comparison and floating point number are involved, so that we need to represent data as boolean values and perform corresponding computation by using a zero knowledge proof protocol and a secret sharing protocol under boolean circuits.
(6) Since linear computation and nonlinear computation in machine learning require zero knowledge proof and secret sharing protocols under arithmetic circuits and boolean circuits, respectively, an edaBits scheme is required to implement the conversion operation between the boolean and arithmetic circuits under the protocols during computation.
(7) After the related calculation is completed, the proving server returns the calculation result to the verifying client together with the proving, and at this time, the verifying client can verify the correctness of the calculation result through proving. If the verification is correct, the verification client can reconstruct the secret to obtain the final machine learning reasoning result.
Example two
The embodiment provides a verifiable data privacy protection method for outsourcing a computing service, which comprises the following steps:
the verification client, the first proving server and the second proving server perform initialization operation;
the verification client sends the data share required by machine learning reasoning to the first proving server and the second proving server respectively;
the verification client receives the calculation result share and the calculation process evidence fed back by the first proving server and the second proving server; the calculated result share is obtained by performing machine learning reasoning service by the first proving server and the second proving server according to the obtained data share; the calculation process certification is generated by a first certification server and a second certification server for the calculation process in a zero knowledge certification mode;
and the verification client verifies the calculation process according to the obtained calculation process evidence, and if the calculation process is verified to be correct, secret reconstruction is carried out according to the calculation result share, so that a final machine learning reasoning result is obtained.
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (5)
1. A verifiable data privacy protection system outsourced to a computing service, comprising: the method comprises the steps of verifying a client, a first proving server and a second proving server;
the verification client, the first proving server and the second proving server perform initialization operation;
the verification client sends the data share required by machine learning reasoning to the first proving server and the second proving server respectively;
the verification client receives the calculation result share and the calculation process evidence fed back by the first proving server and the second proving server; the calculated result share is obtained by performing machine learning reasoning service by the first proving server and the second proving server according to the obtained data share; the calculation process certification is generated by a first certification server and a second certification server for the calculation process in a zero knowledge certification mode;
the verification client verifies the calculation process according to the obtained calculation process evidence, and if the calculation process is verified to be correct, secret reconstruction is carried out according to the calculation result share, so that a final machine learning reasoning result is obtained;
the calculated result share is obtained by the machine learning reasoning service of the first proving server and the second proving server according to the obtained data share, and specifically comprises the following steps:
for linear operation in machine learning, adopting a zero knowledge proof protocol and a secret sharing protocol under an arithmetic circuit to finish calculation;
for nonlinear operation in machine learning, data are expressed as Boolean values, and zero knowledge proof protocol and secret sharing protocol under a Boolean circuit are utilized for calculation;
for the linear operation in the machine learning, the calculation is completed by adopting a zero knowledge proof protocol and a secret sharing protocol under an arithmetic circuit, and the method specifically comprises the following steps:
first attestation serverSecond attestation Server->Under an arithmetic circuit, linear operation is carried out through zero knowledge proof protocol and addition secret sharing:
firstly, supposing that the promise of the prediction data a, b for operation is [ a ], [ b ];
local key k with two commitments a ,k b A global key delta;
having a corresponding data share<a> 1 ,<b> 1 And the message authentication code corresponding to the share +.>
Having a corresponding data share<a> 2 ,<b> 2 And the message authentication code corresponding to the share +.>
The following relationships are satisfied:
and
Calculation of corresponding commitment addition [ c ]]=[a]+[b];Calculation of k c =k a +k b ;
Calculation of<c> 1 =<a> 1 +<b> 1 Is->
Calculation of<c> 2 =<a> 2 +<b> 2 Is->
For the linear operation in the machine learning, the calculation is completed by adopting a zero knowledge proof protocol and a secret sharing protocol under an arithmetic circuit, and the method specifically further comprises the following steps:
for the corresponding committed multiplication operation [ c ] = [ a ] · [ b ], use is made of the multiplication triples generated in the initialization phase;
assume thatThe obtained multiplication triplet share is {<x> 1 ,<y> 1 ,<z> 1 },/>The obtained multiplication triplet share is {<x> 2 ,<y> 2 ,<z> 2 }, satisfy<z> 1 +<z> 2 =(<x> 1 +<x> 2 )·(<y> 1 +<y> 2 );
Is->The two parties firstly calculate according to the multiplication triplet, and acquire:
<d> i =<a> i -<x> i ,<e> i =<b> i -<y> i ,i∈{1,2},
thereafterIs->Both parties are { through interaction<d> i ,<e> i And (3) obtaining:
d=<d> 1 +<d> 2 e=<e> 1 +<e> 2 ;
Calculating the share of multiplication results<c> 1 =d·e+d·<y> 1 +<x> 1 ·e+<z> 1 ;
Calculating the share of multiplication results<c> 2 =d·<y> 2 +<x> 2 ·e+<z> 2 ;
Thus completing the calculation of multiplication under the addition secret sharing protocol;
after this time, the process is completed,is->The data share to be acquired<c> 1 ,<c> 2 Commitment is made so that the three parties get the multiplication result commitment [ c ]]Satisfy->Completing the calculation of a multiplication gate under a zero knowledge proof protocol;
for the nonlinear operation in machine learning, the data is expressed as a boolean value, and the calculation is performed by using a zero knowledge proof protocol and a secret sharing protocol under a boolean circuit, which specifically comprises:
for nonlinear computation in machine learning, a zero knowledge proof protocol and an additive secret sharing protocol under a boolean circuit are executed to verify the computational integrity and protect the privacy:
under the Boolean circuit, the exclusive OR operation is utilized in the data distribution stage of the addition secret sharing protocol forFor the held private data a +.>By choosing a random number r as the data share<a> 1 And calculate +.>Then will<a> 1 ,<a> 2 As a number ofDistribution of the shared data to->Completing private data distribution;
calculation of commitment exclusive-OR gate for additive secret sharing protocolAll are completed locally:
NOT gate calculates c= -a, only byAnd performing inverting operation on the data share of one party:
<c> 1 =~<a> 1 ,<c> 2 =<a> 2 ;
calculation of c=a for promise and gate&b, byGenerating corresponding triplet {<x> i ,<y> i ,<z> i Aid ∈ })>And gate calculation is performed, namely, calculation is performed firstly:
thenPerforming interaction to obtain { d, e }, and thereafter calculating:
calculating the result share-> Calculating the result share->
For nonlinear operation in machine learning, the method represents data as boolean values, and calculates by using a zero knowledge proof protocol and a secret sharing protocol under boolean circuits, and specifically further comprises:
for zero knowledge proof agreements, the commitment types are substantially similar:
wherein, verify the customer endHolding a local key k and a global key Γ, attestation server +.>Holds data share { x } i ' corresponding message authentication code { m }, and i },i∈{1,2};
the exclusive-or gate operates similarly to the adder gate under the arithmetic circuit for And (3) calculating:
attestation serverAnd (3) calculating:
for NOT operations [ c ]]=~[x],Local calculation +.>Attestation Server->Performing a negation operation under a secret sharing protocol on the promised value x;
the verification client verifies the calculation process according to the obtained calculation process evidence, and specifically comprises the following steps: verification of promise for multiplication results generated during the attestation process:
let the size of the proof circuit be n, i.e. there are n gates in the circuit, let the calculation on each gate be c i =a i ·b i ,i∈[1,n]The method comprises the steps of carrying out a first treatment on the surface of the Due toThe obtained multiplication result promises from->Acquisition of->Then the promise of the promise is verified i ]And [ a ] i ],[b i ]Satisfy relation c between i =a i ·b i ;
From the local key calculation in the corresponding commitment:
attestation serverCalculating through corresponding promise value share and corresponding message authentication code:
selecting a random value χ and sending it to +.>
Subsequently, the first and second heat exchangers are connected,and (3) calculating:
will be<U> j And<V> j send to authentication client->
Calculate->And verifies the equation w= = ("a<U> 1 +<U> 2 )+(<V> 1 +<V> 2 ) Whether delta is true or not, if so, consider that the obtained multiplication result promises to satisfy relationship c i =a i ·b i The verification of the multiplication gate under the zero knowledge proof protocol is completed;
for verification of the final calculation result, verification is performed by opening a promise mode:get by->Is->The transmitted final calculation result share<s> 1 ,<s> 2 And corresponding message authentication code->Then verify the equationWhether or not to establish;
the verification client verifies the calculation process according to the obtained calculation process evidence, and specifically further comprises:
calculating c=a for and gate&b, the verification of the method specifically comprises the following steps: attestation serverObtaining the share of multiplication value through multiplication operation under the scheme of adding secret sharing<c> 1 ,<c> 2 Then add to it>Committing to generate commitment [ c ]]Finishing the proving process of the AND gate;
for batch verification of n AND gates, the equation:
the proof is made that the data of the test piece,representing the multiplication input value a i ,b i The sum of the message authentication codes of (c) is,representing a calculation between the corresponding local keys of the authentication client,generated by two attestation servers;
for verification of the final result, the client is verifiedBy from->The obtained calculation result and the promise of the calculation result are verified, and thereafter->And obtaining the plaintext of the settlement result through secret reconstruction of the calculation result.
2. The computing service outsourced verifiable data privacy protection system of claim 1, wherein the verification client, the first attestation server, and the second attestation server perform an initialization operation, comprising:
verification clientFirst attestation Server->And a second attestation server->Initialization operation of vector unintentional linear evaluation VOLE protocol is carried out together, and during the initialization operation, the client side is verified +>Obtaining global key +.>Is->Wherein->Domain space representing arithmetic circuitry, +.>Representing the domain space of the boolean circuit;
verification clientRespectively with the first proving server->And a second attestation server->Generating a set number of random VOLE relations for the calculation of commitments and multiplication gates of input values in a subsequent zero knowledge proof protocol, each random VOLE relation being regarded as a commitment to a value r therein [ r ]]Expressed as m=k+Δ·r, where +.>Authentication client with random number r and corresponding message authentication code M>Holding a local key K and a global key delta for a random VOLE relationship;
verification clientRespectively first proving server->And a second attestation server->Generating n multiplication triplet shares {<a i > 1 ,<b i > 1 ,<c i > 1 },{<a i > 2 ,<b i > 2 ,<c i > 2 },i∈[1,n]Meets the following requirements<c i > 1 +<c i > 2 )=(<a i > 1 +<a i > 2 )·(<b i > 1 +<b i > 2 );
Verification clientFirstly, 2n random numbers { x }, are selected i ,y i },i∈[1,n]And calculate the multiplication value z i =x i ·y i Thereafter verify client +.>3n random numbers { are selected<a i > 1 ,Mb i > 1 ,<c i > 1 },i∈[1,n]As a first attestation server->Is sent to the first attestation server +.>Thereafter, the client is authenticated +.>Calculating a second attestation server->Multiplication ternary component of (2)<a i > 2 =x i -<a i > 1 ,<b i > 2 =y i -<b i > 1 ,<c i > 2 =z i -<c i > 1 ,i∈[1,n]And send to the second attestation server +.>To this end, verify client +.>Completing the generation and distribution work of n multiplication triples;
the verification client, the first attestation server, and the second attestation server each generate a commitment to the shares of the multiplicative triplet.
3. The computing service outsourced verifiable data privacy protection system of claim 1, wherein the verification client sends the data shares required for machine learning reasoning to the first attestation server and the second attestation server, respectively, specifically comprising:
the verification client generates corresponding data shares through a secret sharing mode according to predicted data required in the machine learning reasoning task process, and distributes the data shares to the first proving server and the second proving server;
after the data shares required by the machine learning reasoning are respectively sent to the first proving server and the second proving server, the method further comprises the following steps: the first and second attestation servers receive the distributed data shares, and the first attestation server, the second attestation server, and the verification client together use a zero knowledge attestation protocol to generate commitments to the data shares.
4. The verifiable data privacy protection system outsourced to a computing service of claim 3, wherein the first attestation server, the second attestation server, and the verification client together use a zero knowledge attestation protocol to generate commitments to data shares, comprising:
hypothesis verification clientThe input data of (2) is { d } i },i∈[1,n]Verifying client->First n random values { r i },i∈[1,n]Then verify client +.>Subtraction s i =d i –r i ;
Verification clientWill { r i { s } i Respectively distributed as a corresponding share of the input data to the first attestation server +.>Second attestation Server->
The first and second attestation servers together with the verification client generate corresponding commitments to the received data shares.
5. The verifiable data privacy protection method for computing service outsourcing is characterized by comprising the following steps:
the verification client, the first proving server and the second proving server perform initialization operation;
the verification client sends the data share required by machine learning reasoning to the first proving server and the second proving server respectively;
the verification client receives the calculation result share and the calculation process evidence fed back by the first proving server and the second proving server; the calculated result share is obtained by performing machine learning reasoning service by the first proving server and the second proving server according to the obtained data share; the calculation process certification is generated by a first certification server and a second certification server for the calculation process in a zero knowledge certification mode;
the verification client verifies the calculation process according to the obtained calculation process evidence, and if the calculation process is verified to be correct, secret reconstruction is carried out according to the calculation result share, so that a final machine learning reasoning result is obtained;
the calculated result share is obtained by the machine learning reasoning service of the first proving server and the second proving server according to the obtained data share, and specifically comprises the following steps:
for linear operation in machine learning, adopting a zero knowledge proof protocol and a secret sharing protocol under an arithmetic circuit to finish calculation;
for nonlinear operation in machine learning, data are expressed as Boolean values, and zero knowledge proof protocol and secret sharing protocol under a Boolean circuit are utilized for calculation;
for the linear operation in the machine learning, the calculation is completed by adopting a zero knowledge proof protocol and a secret sharing protocol under an arithmetic circuit, and the method specifically comprises the following steps:
first attestation serverSecond attestation Server->Under an arithmetic circuit, linear operation is carried out through zero knowledge proof protocol and addition secret sharing:
firstly, supposing that the promise of the prediction data a, b for operation is [ a ], [ b ];
local key k with two commitments a ,k b A global key delta;
having a corresponding data share<a> 1 ,<b> 1 And the message authentication code corresponding to the share +.>
Having a corresponding data share<a> 2 ,<b> 2 And the message authentication code corresponding to the share +.>
The following relationships are satisfied:
and
Calculation of corresponding commitment addition [ c ]]=[a]+[b];Calculation of k c =k a +k b ;
Calculation of<c> 1 =<a> 1 +<b> 1 Is->
Calculation of<c> 2 =<a> 2 +<b> 2 Is->
For the linear operation in the machine learning, the calculation is completed by adopting a zero knowledge proof protocol and a secret sharing protocol under an arithmetic circuit, and the method specifically further comprises the following steps:
for the corresponding committed multiplication operation [ c ] = [ a ] · [ b ], use is made of the multiplication triples generated in the initialization phase;
assume thatThe obtained multiplication triplet share is {<x> 1 ,<y> 1 ,<z> 1 },/>The obtained multiplication triplet share is {<x> 2 ,<y> 2 ,<z> 2 }, satisfy<z> 1 +<z> 2 =(<x> 1 +<x> 2 )·(<y> 1 +<y> 2 );
Is->The two parties firstly calculate according to the multiplication triplet, and acquire:
<d> i =<a> i -<x> i ,<e> i =<b> i -<y> i ,i∈{1,2},
thereafterIs->Both parties are { through interaction<d> i ,<e> i And (3) obtaining:
d=<d> 1 +<d> 2 e=<e> 1 +<e> 2 ;
Calculating the share of multiplication results<c> 1 =d·e+d·<y> 1 +<x> 1 ·e+<z> 1 ;
Calculating the share of multiplication results<c> 2 =d·<y> 2 +<x> 2 ·e+<z> 2 ;
Thus completing the calculation of multiplication under the addition secret sharing protocol;
after this time, the process is completed,is->The data share to be acquired<c> 1 ,<c> 2 Commitment is made so that the three parties get the multiplication result commitment [ c ]]Satisfy->Completing the calculation of a multiplication gate under a zero knowledge proof protocol;
for the nonlinear operation in machine learning, the data is expressed as a boolean value, and the calculation is performed by using a zero knowledge proof protocol and a secret sharing protocol under a boolean circuit, which specifically comprises:
for nonlinear computation in machine learning, a zero knowledge proof protocol and an additive secret sharing protocol under a boolean circuit are executed to verify the computational integrity and protect the privacy:
under the Boolean circuit, the exclusive OR operation is utilized in the data distribution stage of the addition secret sharing protocol forFor the held private data a +.>By choosing a random number r as the data share<a> 1 And calculate +.>Then will<a> 1 ,<a> 2 Distributed as data shares to->Completing private data distribution;
calculation of commitment exclusive-OR gate for additive secret sharing protocolAll are completed locally:
NOT gate calculates c= -a, only byAnd performing inverting operation on the data share of one party:
<c> 1 =~<a> 1 ,<c> 2 =<a> 2 ;
calculation of c=a for promise and gate&b, byGenerating corresponding triplet {<x> i ,<y> i ,<z> i Aid ∈ })>And gate calculation is performed, namely, calculation is performed firstly:
thenPerforming interaction to obtain { d, e }, and thereafter calculating:
calculating the result share->
Calculating the result share->
For nonlinear operation in machine learning, the method represents data as boolean values, and calculates by using a zero knowledge proof protocol and a secret sharing protocol under boolean circuits, and specifically further comprises:
for zero knowledge proof agreements, the commitment types are substantially similar:
wherein, verify the customer endHolding a local key k and a global key Γ, attestation server +.>Holds data share { x } i ' corresponding message authentication code { m }, and i },i∈{1,2};
the exclusive-or gate operates similarly to the adder gate under the arithmetic circuit for And (3) calculating:
attestation serverAnd (3) calculating:
for NOT operations [ c ]]=~[x],Local calculation +.>Attestation Server->Performing a negation operation under a secret sharing protocol on the promised value x;
the verification client verifies the calculation process according to the obtained calculation process evidence, and specifically comprises the following steps: verification of promise for multiplication results generated during the attestation process:
let the size of the proof circuit be n, i.e. there are n gates in the circuit, let the calculation on each gate be c i =a i ·b i ,i∈[1,n]The method comprises the steps of carrying out a first treatment on the surface of the Due toThe obtained multiplication result promises from->Acquisition of->Then the promise of the promise is verified i ]And [ a ] i ],[b i ]Satisfy relation c between i =a i ·b i ;
From the local key calculation in the corresponding commitment:
attestation serverCalculating through corresponding promise value share and corresponding message authentication code:
selecting a random value χ and sending it to +.>
Subsequently, the first and second heat exchangers are connected,and (3) calculating:
will be<U> j And<V> j send to authentication client->
Calculate->And verifies the equation w= = ("a<U> 1 +<U> 2 )+(<V> 1 +<V> 2 ) Whether or not delta is true, ifIf true, consider that the obtained multiplication result promises to satisfy relationship c i =a i ·b i The verification of the multiplication gate under the zero knowledge proof protocol is completed;
for verification of the final calculation result, verification is performed by opening a promise mode:get by->Is->The transmitted final calculation result share<s> 1 ,<s> 2 And corresponding message authentication code->Then verify the equationWhether or not to establish;
the verification client verifies the calculation process according to the obtained calculation process evidence, and specifically further comprises:
calculating c=a for and gate&b, the verification of the method specifically comprises the following steps: attestation serverObtaining the share of multiplication value through multiplication operation under the scheme of adding secret sharing<c> ∑ ,<c> 2 Then add to it>Committing to generate commitment [ c ]]Finishing the proving process of the AND gate;
for batch verification of n AND gates, the equation:
the proof is made that the data of the test piece,representing the multiplication input value a i ,b i The sum of the message authentication codes of (c) is,representing a calculation between the corresponding local keys of the authentication client,generated by two attestation servers;
for verification of the final result, the client is verifiedBy from->The obtained calculation result and the promise of the calculation result are verified, and thereafter->And obtaining the plaintext of the settlement result through secret reconstruction of the calculation result.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311642352.2A CN117454431B (en) | 2023-12-01 | 2023-12-01 | Verifiable data privacy protection system and method for computing service outsourcing |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311642352.2A CN117454431B (en) | 2023-12-01 | 2023-12-01 | Verifiable data privacy protection system and method for computing service outsourcing |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117454431A CN117454431A (en) | 2024-01-26 |
| CN117454431B true CN117454431B (en) | 2024-03-29 |
Family
ID=89591111
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311642352.2A Active CN117454431B (en) | 2023-12-01 | 2023-12-01 | Verifiable data privacy protection system and method for computing service outsourcing |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117454431B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112488227A (en) * | 2020-12-07 | 2021-03-12 | 武汉大学 | Auditable outsourcing machine learning service method for providing integrity verification |
| CN113111373A (en) * | 2021-05-13 | 2021-07-13 | 北京邮电大学 | Random number generation method of VBFT (visual basic FT) consensus mechanism and consensus mechanism system |
| CN116992480A (en) * | 2023-07-10 | 2023-11-03 | 上海科技大学 | Method for providing publicly verifiable outsourcing computing service |
| CN117014137A (en) * | 2023-07-10 | 2023-11-07 | 上海科技大学 | Safe and efficient multi-server outsourcing polynomial computing method |
-
2023
- 2023-12-01 CN CN202311642352.2A patent/CN117454431B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112488227A (en) * | 2020-12-07 | 2021-03-12 | 武汉大学 | Auditable outsourcing machine learning service method for providing integrity verification |
| CN113111373A (en) * | 2021-05-13 | 2021-07-13 | 北京邮电大学 | Random number generation method of VBFT (visual basic FT) consensus mechanism and consensus mechanism system |
| CN116992480A (en) * | 2023-07-10 | 2023-11-03 | 上海科技大学 | Method for providing publicly verifiable outsourcing computing service |
| CN117014137A (en) * | 2023-07-10 | 2023-11-07 | 上海科技大学 | Safe and efficient multi-server outsourcing polynomial computing method |
Non-Patent Citations (2)
| Title |
|---|
| "Flexible privacy-preserving machine learning: When searchable encryption meets homomorphic encryption";Haixin Jia等;《Int J Intell Svst.》;20221231;第9173-9191页 * |
| "Wolverine: Fast, Scalable, and Communication-Efficient Zero-Knowledge Proofs for Boolean and Arithmetic Circuits";Chenkai Weng等;《2021 IEEE Symposium on Security and Privacy (SP)》;20211231;第1074-1091页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117454431A (en) | 2024-01-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3769467B1 (en) | Computer-implemented system and method for exchange of data | |
| JP5925969B2 (en) | Input consistency verification for two-party secret function calculation | |
| Lu et al. | A secure and scalable data integrity auditing scheme based on hyperledger fabric | |
| JP7453911B2 (en) | System and method for securely sharing cryptographic materials | |
| Chandran et al. | {SIMC}:{ML} inference secure against malicious clients at {Semi-Honest} cost | |
| Banerjee et al. | Demystifying the Role of zk-SNARKs in Zcash | |
| Baum et al. | Eagle: Efficient privacy preserving smart contracts | |
| Aliasgari et al. | Secure computation of hidden Markov models | |
| Backes et al. | Efficient non-interactive zero-knowledge proofs in cross-domains without trusted setup | |
| Tran et al. | An efficient privacy-enhancing cross-silo federated learning and applications for false data injection attack detection in smart grids | |
| Liu et al. | Secure three-party computational protocols for triangle area | |
| JP2023158097A (en) | Computer-implemented system and method for controlling processing step of distributed system | |
| CN117454431B (en) | Verifiable data privacy protection system and method for computing service outsourcing | |
| RU2570700C1 (en) | Method of designing system for "own-alien" recognition based on zero-knowledge protocol | |
| Fajiang et al. | An efficient anonymous remote attestation scheme for trusted computing based on improved CPK | |
| Kim et al. | A key recovery protocol for multiparty threshold ecdsa schemes | |
| Keshavarzkalhori et al. | Federify: A Verifiable Federated Learning Scheme Based on zkSNARKs and Blockchain | |
| Wang et al. | zkFL: Zero-Knowledge Proof-based Gradient Aggregation for Federated Learning | |
| CN115499135B (en) | Ring signature method and system based on symmetric passwords | |
| CN116383848B (en) | Method, equipment and medium for preventing illegal use in three-party security calculation | |
| Santos | Cryptography for pragmatic distributed trust and the role of blockchain | |
| Liu et al. | Privacy-Preserving and Verifiable Outsourcing Linear Inference Computing Framework | |
| Mansouri | Performance and Verifiability of IoT Security Protocols | |
| Peng et al. | Privacy-Preserving Truth Discovery Based on Secure Multi-Party Computation in Vehicle-Based Mobile Crowdsensing | |
| Park et al. | A Blockchain-based Protocol of Trusted Setup Ceremony for Zero-Knowledge Proof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |