CN117519646B - Random data generation method and device, electronic equipment and storage medium - Google Patents

Random data generation method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN117519646B
CN117519646B CN202410025777.7A CN202410025777A CN117519646B CN 117519646 B CN117519646 B CN 117519646B CN 202410025777 A CN202410025777 A CN 202410025777A CN 117519646 B CN117519646 B CN 117519646B
Authority
CN
China
Prior art keywords
data
random
prime number
target
participant
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202410025777.7A
Other languages
Chinese (zh)
Other versions
CN117519646A (en
Inventor
李艳斌
王宗岳
陈思
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Open Security Research Inc
Original Assignee
Open Security Research Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Open Security Research Inc filed Critical Open Security Research Inc
Priority to CN202410025777.7A priority Critical patent/CN117519646B/en
Publication of CN117519646A publication Critical patent/CN117519646A/en
Application granted granted Critical
Publication of CN117519646B publication Critical patent/CN117519646B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58Random or pseudo-random number generators
    • G06F7/588Random number generators, i.e. based on natural stochastic processes

Abstract

The embodiment of the application discloses a random data generation method, a device, electronic equipment and a storage medium for multiparty security calculation, which comprise the following steps: acquiring a plurality of random data of a participant on a plurality of first prime number domains; each piece of random data is in a corresponding first prime number domain; the random data on each first prime number domain includes a slice of each participant over the first prime number domain; the slicing comprises: randomly slicing data; based on the Chinese remainder theorem, determining congruence solutions of random data slicing of the participants on a plurality of first prime number domains, and taking the congruence solutions as target random data slicing of the participants on a second prime number domain; the product of the modes of the plurality of first prime number domains is equal to the mode of the second prime number domain; determining target random data, wherein the target random data comprises target fragments of all participants; the target fragments comprise target data random fragments; this can improve the computational efficiency and the computational power.

Description

Random data generation method and device, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of information security technologies, but not limited to, and in particular, to a method and apparatus for generating random data, an electronic device, and a storage medium.
Background
As one of classical multiparty secure computing (Multi-Party Computation, MPC) protocols, the SPDZ series of protocols is divided into a preprocessing phase and an online computing phase. The preprocessing phase requires the individual parties to generate random data material in accordance with the preprocessing protocol, which is used for the computation of the contract functions in the online computation phase. For the security of the participant private data, the random input value of the preprocessing protocol is typically a value in the large prime domain, while the bit length of the locally supported data is smaller than the bit length of the random input value, resulting in poor computational performance.
Disclosure of Invention
The embodiment of the application provides a random data generation method and device, electronic equipment and storage medium, which can realize the calculation process of a preprocessing stage in a large prime number domain through the parallel calculation processes in a plurality of small prime number domains, and can improve the calculation performance.
The technical scheme of the application is realized as follows:
the embodiment of the application provides a random data generation method which is applied to multiparty security calculation and comprises the following steps:
acquiring a plurality of random data of a participant on a plurality of first prime number domains; each piece of random data is in a corresponding first prime number domain; the random data on each first prime number domain includes a slice of each participant on the first prime number domain; the slicing includes: randomly slicing data; based on the Chinese remainder theorem, determining congruence solutions of the random data slicing of the participant on a plurality of first prime number domains as target random data slicing of the participant on a second prime number domain; the product of the modes of the plurality of first prime number domains is equal to the mode of the second prime number domain; determining target random data, wherein the target random data comprises target fragments of all participants; the target shard includes the target data random shard.
The embodiment of the application provides a random data generation device which is applied to multiparty security calculation and comprises the following components:
the acquisition module is used for acquiring a plurality of random data of the participant on a plurality of first prime number domains; each piece of random data is in a corresponding first prime number domain; the random data on each first prime number domain includes a slice of each participant on the first prime number domain; the slicing includes: randomly slicing data;
the determining module is used for determining congruence solutions of the random data fragments of the participants on a plurality of first prime number domains based on the Chinese remainder theorem and taking the congruence solutions as target random data fragments of the participants on a second prime number domain; the product of the modes of the plurality of first prime number domains is equal to the mode of the second prime number domain; determining target random data, wherein the target random data comprises target fragments of all participants; the target shard includes the target data random shard.
The embodiment of the application provides electronic equipment, which comprises:
a memory for storing a computer program executable on the processor;
and a processor for implementing the steps of the above method when executing the computer program.
An embodiment of the present application provides a storage medium, including:
on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method.
The random data generation method, the device, the electronic equipment and the storage medium are used for enabling a participant to generate a plurality of random data in a plurality of first prime number domains, determining congruence solutions of the plurality of random data according to the China remainder theorem, obtaining target random data and preparing for an online computing stage; in this way, the generation process of the target random data in the second prime number domain can be converted into a process of generating a plurality of random data in parallel in a plurality of first prime number domains, and then determining congruence solutions of the plurality of random data; therefore, the large number of calculation processes are converted into a plurality of decimal parallel calculation processes, the calculation efficiency of the preprocessing stage is improved, and the calculation capacity is further improved.
Drawings
Fig. 1 is a schematic flow chart of a random data generating method according to an embodiment of the present application;
fig. 2 is a second flowchart of a random data generating method according to an embodiment of the present application;
FIG. 3 is a schematic flow chart of generating random data of a target multiplication triplet according to an embodiment of the present application;
Fig. 4 is a flowchart of a random data generating method according to an embodiment of the present application;
FIG. 5 is a schematic flow chart of generating target input random data according to an embodiment of the present application;
fig. 6 is a flowchart of a random data generating method according to an embodiment of the present application;
fig. 7 is a schematic flow chart of generating target square random data according to an embodiment of the present application;
fig. 8 is a flowchart fifth of a random data generating method according to an embodiment of the present application;
fig. 9 is a schematic flow chart of generating target modulo inverse random data according to an embodiment of the present application;
fig. 10 is a flowchart of a random data generating method according to an embodiment of the present application;
fig. 11 is a flowchart seventh of a random data generating method according to an embodiment of the present application;
fig. 12 is a flowchart eighth of a random data generating method according to an embodiment of the present application;
fig. 13 is a schematic flow chart of generating target bit random data according to an embodiment of the present application;
fig. 14 is a schematic structural diagram of a random data generating device according to an embodiment of the present application;
fig. 15 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the present application will be described in further detail with reference to the accompanying drawings, and the described embodiments should not be construed as limiting the present application, and all other embodiments obtained by those skilled in the art without making any inventive effort are within the scope of the present application.
In the following description, reference is made to "some embodiments" which describe a subset of all possible embodiments, but it is to be understood that "some embodiments" can be the same subset or different subsets of all possible embodiments and can be combined with one another without conflict.
In the following description, the terms "first", "second", "third" and the like are merely used to distinguish similar objects and do not represent a specific ordering of the objects, it being understood that the "first", "second", "third" may be interchanged with a specific order or sequence, as permitted, to enable embodiments of the application described herein to be practiced otherwise than as illustrated or described herein.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing embodiments of the present application only and is not intended to be limiting of the present application.
Before further elaborating on the embodiments of the present application, the terms and terms related to the embodiments of the present application are explained first, and the terms and terms related to the embodiments of the present application are applicable to the following explanation.
Multiparty security calculation: under the condition of no trusted third party, a plurality of participants holding the private data respectively execute the calculation of a contracted public function jointly under the condition of not exposing the private data.
SPDZ series protocol: the protocol is divided into a preprocessing stage and an online processing stage, and the preprocessing stage generates random data materials according to the protocol to prepare for the calculation of the contract function of the online processing stage.
Chinese remainder theorem: a method for solving a once-congruential group.
Homomorphic encryption: cryptography techniques based on computational complexity theory of mathematical problems. The homomorphically encrypted data is processed to obtain an output, and the output is decrypted, the result of which is the same as the output result obtained by processing the unencrypted original data by the same method.
In order to facilitate understanding of the present solution, before explaining the embodiments of the present application, an application background in the embodiments of the present application is explained.
The general concept of multiparty Secure computing (MPC) is at n participantsBetween, cooperatively calculate a public functionWhereinIs thatIs a private data of the same. MPC has very important application in the fields of cloud, big data, artificial intelligence and the like, and SPDZ series protocols are well-known MPC protocols for arithmetic circuits, including SPDZ-1, SPDZ-2, MASCOT, lowGear, highGear and the like, and are the technical foundation of a plurality of related products at present. The SPDZ series protocol provides different security versions for different application scenarios, such as SPDZ-1, MASCOT, lowGear, highGear, etc. provides positive security against malicious adversaries, while eliminating the part of these protocols used for detecting data illegal changes, these protocols only provide passive security against passive adversaries, SPDZ-2 provides a security property between passive security and positive security, and the protocol can resist attacks by malicious adversaries with a high probability.
In order to efficiently and safely perform the function of multiparty collaborative computing, the SPDZ series protocol includes two phases: a pretreatment stage and an online treatment stage. The preprocessing stage prepares random data material for the calculation of the online stage independent of the contract function to be calculated and its input, which enables the online processing stage to quickly complete the contract function calculation. The design of the on-line phase of the SPDZ series protocol is similar, whereas the preprocessing phase may be implemented by means of an unintentional transport protocol (Oblivious Transfer, OT) or homomorphic encryption (Homomorphic Encryption, HE). Here, the SPDZ series protocol requires the generation of 5 random data materials during the preprocessing phase: triple, input, square, inverse, bit, these random data materials need to be generated in the large prime number domain in order to secure the participant private data in online computing. For example, to guarantee no less than 40 bits of statistical security and no less than 128 bits of computational security, the random data material needs to be generated from a prime number field that is no less than 106 bits. In the related art, the software system of the device may support data with 64 bits or shorter bit length, and the calculation of data with bit length higher than 64 bits consumes more calculation power, which affects the calculation efficiency of generating random data material, resulting in poor calculation performance in the preprocessing stage.
The embodiment of the application provides a random data generation method and device for multiparty secure computation, electronic equipment and storage medium, which can improve the computation performance of a preprocessing stage. An exemplary application of the electronic device provided by the embodiments of the present application is described below, where the electronic device provided by the embodiments of the present application may be implemented as various types of devices with data processing capabilities, such as a notebook computer, a tablet computer, a desktop computer, a server, and the like.
An embodiment of the present application provides a flow of an optional method for generating random data for multiparty security computation, as shown in fig. 1, the method may include: S101-S103.
S101, acquiring a plurality of random data of a participant on a plurality of first prime number domains; each piece of random data is in a corresponding first prime number domain; the random data on each first prime number domain includes a slice of each participant over the first prime number domain; the slicing comprises: data was randomly fragmented.
In the embodiment of the application, each participant can be divided from m small prime number domainsWherein m is a positive integer and m is more than or equal to 2; wherein,≥k≥1;representing a corresponding prime number fieldIs a mold of (a). Each participant may then generate random data on each small number domain according to the random generation protocol of the preprocessing stage The method comprises the steps of carrying out a first treatment on the surface of the Random data of the participant on a plurality of small number domains is obtained. Wherein random data of any one party on the small number domain may include fragments of each party on the small number domain. Each participant only knows the fragments held locally and not the fragments held by the other participants. In some embodiments, the random data may also include an identification of the data owner, or the like. Wherein the fragmentation may include random fragmentation of data. In some embodiments, the shards may also be authenticatable shards, including: random fragmentation of data and other fragments for authentication, for example: authentication key fragmentation and data authentication MAC fragmentation. The small prime number domain is the first prime number domain. Here, the number of the plurality of random data may be set as needed, and the embodiment of the present application is not limited.
In the embodiment of the application, the random generation protocol of the SPDZ in the preprocessing stage includes 5 kinds: multiplication triplet protocolInput protocolSquare protocolModulo inversion protocolSum bit protocolThe method comprises the steps of carrying out a first treatment on the surface of the According to these 5 random generation protocols, 5 kinds of random data can be generated.
In embodiments of the present application, the product of the number of multiple prime number fields and the calculated bit length supported by the electronic device of the participant may be greater than or equal to the bit length of the random data material. The longer the bit length of the random data material, the higher the communication security and the higher the computational demands. Here, the bit length of the random data material may be implemented by a plurality of small bit lengths, the random data of the small bit lengths being generated based on the random values in the first prime number domain.
In the present embodiment, to protect private dataSecurity of private dataTypically having a data structureData structureI.e., slicing, which may include random slicing of data for each participant, as shown in equation (1).
Formula (1)
Wherein,representing participantsIs used for random fragmentation of the data of the (a),in the finite fieldThe above satisfies the formula (2), whereinIs thatIs a mold of (a).
Formula (2)
In some embodiments, to increase the security of the SPDZ series protocol, the random data may further include authentication key fragmentation and MAC fragmentation, as shown in equation (3); here, the data structure of the random data may be set as needed, and the embodiments of the present application are not limited.
Formula (3)
Wherein,representing participantsAuthentication key fragmentation in a finite fieldThe formula (4) is satisfied;representing participantsMAC fragmentation of (c) in finite fieldThe MAC relationship shown in equation (6) and equation (5) are satisfied.
Formula (4)
Formula (5)
Formula (6)
It should be noted that, the random data fragments correspond to the MAC fragments one by one. Illustratively, the data random slicing includes:andthe corresponding MAC slice includes:and. Wherein, Authentication key sharding of (1)After the setting is completed, the security calculation is kept unchanged in a plurality of times, and thus, the data is randomly slicedIn the case of a change, the data is randomly sliced according to equation (5)Corresponding MAC fragmentationChanges may also occur.
In the embodiment of the application, whenPrivate data of each party in a first prime number domain when determined from context or tentatively determinedMarking of the finite field can be omitted, simply
In this embodiment of the present application, the participant may set the preprocessing parameters at the preprocessing stage, and then select a plurality of prime numbers to be used as the modes of a plurality of first prime number domains, so as to generate random data corresponding to each first prime number domain. The preprocessing parameters are all parameters to be set in the preprocessing stage, for example: for the preprocessing stage based on HE, the modulus of a plurality of first prime number domains is used as the plaintext modulus of a plurality of homomorphic encryption algorithms, and the number of ciphertext slots, the ciphertext modulus and the like are required to be set, meanwhile, in order to ensure the statistical security, the HE algorithm supports the submerged noise with corresponding security level.
After the parameter setting is completed, each participant also needs to complete the key setting. For example, the private key, public key, re-linearization key, etc. of the HE encryption algorithm need to be set for the HE-based preprocessing stage. Authentication key fragmentation for each party over each first prime field is also provided at this step.
S102, determining congruence solutions of random data slicing of the participants on a plurality of first prime number domains based on the Chinese remainder theorem, and taking the congruence solutions as target random data slicing of the participants on a second prime number domain; the product of the modes of the plurality of first prime fields is equal to the mode of the second prime field.
In the embodiment of the present application, after obtaining the random data fragments of each participant in the plurality of first prime number domains, any one participant may determine, according to the chinese remainder theorem, a congruence solution of the plurality of random data fragments, as the target random data fragments of the participant in the second prime number domain. In this manner, the participant may determine target random data that includes a random slice of the target data.
The number of the first prime number domains is as followsThe number of the two-dimensional space-saving type,is a positive integer; any one first prime number domain is the kth first prime number domain, k is a positive integer, andand k is more than or equal to 1. For the participatorsThe random slicing of data includes:、…、. This is thenThe congruence solution of random fragmentation of data is shown in formulas (7) - (9).
Formula (7)
Formula (8)
Formula (9)
Wherein,i.e., the modulus of the second prime number domain,≥k≥1。namely, is a participantTarget data of (a) is randomly fragmented.
S103, determining target random data, wherein the target random data comprises target fragments of all the participants; the target shard includes the target data random shard.
In the embodiment of the application, the participant is determining the purpose of the participantAfter the target data are randomly segmented, the target segmentation of the target data can be determined, and then the target random data of the target data can be determined. In some embodiments, the random data of any one party includes, in addition to the random fragmentation of the data of the respective party: the data authentication fragments and the authentication key fragments, and the target fragments in the target random data can also comprise target MAC fragments of each participantAnd target authentication key fragmentation for each party. Each participantTarget MAC fragmentation of (a)Is the MAC fragmentation of the participant over m first prime number domainsIs a congruence solution of (2); each participantTarget authentication key sharding of (1)Is authentication key slicing of the party over m first prime number domainsIs a congruence solution of (c). nth participant(s)Individual MAC fragmentationSatisfying equation (10), target authentication key shardingWith destination MAC fragmentationSatisfy equation (11).
Formula (10)
Formula (11)
In this embodiment of the present application, the random fragmentation of the target data is obtained by randomly fragmenting a plurality of data, and the second prime number domain of the random fragmentation of the target data is modulo the second prime number domain of the random fragmentation of the target dataIs the product of the modes of a plurality of first prime number domains; that is, the sum of the bit lengths of the plurality of first pixel domains is equal to the bit length of the second pixel domain.
In this embodiment of the present application, after the participant sets the preprocessing parameters and the key in the preprocessing stage, the participant may perform calculation of the contract function in the online stage according to the authentication key fragmentation and the target random data of the second prime number domain determined based on the random values of the plurality of first prime number domains.
It can be understood that, because the participant can generate a plurality of random data in a plurality of first prime number domains, and then determine congruence solutions of the plurality of random data according to the Chinese remainder theorem, obtain target random data, and prepare for an online calculation stage; in this way, the generation process of the target random data in the second prime number domain can be converted into a process of generating a plurality of random data in parallel in a plurality of first prime number domains, and then determining congruence solutions of the plurality of random data; therefore, the large-number computing process is converted into a plurality of decimal parallel computing processes, the computing efficiency of the preprocessing stage is improved, and the computing performance is further improved.
In some embodiments of the present application, the random data comprises multiplicative triplet random data; the implementation of obtaining the plurality of random data of the participant on the plurality of first prime number fields in S101, as shown in fig. 2, may include: S201-S202.
S201, selecting corresponding first random values from a plurality of first prime number domains as first data random fragments of a participant on the plurality of first prime number domains; and selecting a corresponding second random value from the plurality of first prime number domains as a second random slice of data of the participant over the plurality of first prime number domains.
In the embodiment of the application, the participantsCan be from each first prime number domainIs selected to be a first random valueAnd obtaining the first random data fragments of the participant in the first prime number domains as the first random data fragments of the participant in the corresponding first prime number domains. Participant(s)Can be from each first prime number domainIs selected to be a second random valueAnd obtaining the second random data fragments of the participant in the first prime number domains as the second random data fragments of the participant in the corresponding first prime number domains.
S202, determining a third data random fragment of the participant on a plurality of first prime number domains according to a plurality of first data random fragments, a plurality of second data random fragments and a multiplication triplet protocol of the participant; wherein the sum of the first data random fragments of all the participants in any one first prime number domain in the first prime number domain is multiplied by the modulus of the sum of the second data random fragments of all the participants in the first prime number domain, and the modulus of the sum of the second data random fragments of all the participants in the first prime number domain is equal to the sum of the third data random fragments of all the participants in the first prime number domain; the random data slicing of the multiplication triplet random data of the participant on any one first prime number domain comprises the following steps: the first data of each participant on the first prime number domain is randomly sliced, the second data of each participant on the first prime number domain is randomly sliced, and the third data of each participant on the first prime number domain is randomly sliced.
In the embodiment of the application, the random data comprises multiplication triplet random data, and the participantsRequiring the protocol to be in accordance with multiplication tripletsAccording to the participantsIs determined in a plurality of first prime domainsRandom fragmentation of third data of (2). n participants in a first prime number domainRandom fragmentation of third data of (2)Satisfy equation (12).
Formula (12)
In the embodiment of the application, the participantsIn the multiplication triplet random data output by the multiplication triplet protocol, the slicing includes: first data structure on m first prime number domainsSecond data structureAnd a third data structure
In some embodiments of the present application, determining the implementation of the target random data in S103 may include: randomly fragmenting the first target dataRandom fragmentation of second target dataAnd third target data random fragmentationDetermining random data of a target multiplication triplet; wherein the first target data is randomly fragmentedIncluding random fragmentation of first data over multiple first prime number domains for each participantIs a congruence solution of (2); random fragmentation of second target dataIncluding random fragmentation of second data over multiple first prime number domains for each participant Is a congruence solution of (2); third target data random fragmentationIncluding random fragmentation of third data over multiple first prime number domains for each participantIs a congruence solution of (2); first target data random fragmentation for all participantsIn the second prime number domainUpper sum, second target data random fragmentation with all participantsIn the second prime number domainModular multiplication of the sum, equal to random fragmentation of the third target data for all participantsIn the second prime number domainAnd, see equation (13).
Formula (13)
It can be understood that, because the multiplication triplet random data can be generated in the first prime number domains at the same time, the target multiplication triplet random data in the second prime number domain is determined by utilizing the multiplication triplet random data in the first prime number domains and the Chinese remainder theorem, thereby improving the generation efficiency of the target multiplication triplet random data in the preprocessing stage.
In some embodiments of the present application, the shards are authenticatable shards; the slicing further comprises: authentication data fragmentation and authentication key fragmentation; authenticating the data fragments and the data random fragments to correspond one by one; the sum of the random fragments of the data of all the participants on any one first prime number domain on the first prime number domain is multiplied by the sum of the authentication key fragments of all the participants on the first prime number domain, and the modular multiplication is equal to the domain sum of the authentication data fragments of all the participants on a plurality of first prime number domains; the random data generation method further comprises the following steps: based on the China remainder theorem, determining congruence solutions of authentication data fragments of the participants on a plurality of first prime number domains as target authentication data fragments of the participants on a second prime number domain; and determining congruence solutions of the authentication key fragments of the participants on the plurality of first prime number domains based on the China remainder theorem as target authentication key fragments of the participants on the second prime number domains; the target tile further comprises: target authentication data shards and target authentication key shards.
In this embodiment of the present application, the slices of each participant in the random data may be authenticatable slices, where the authenticatable slices may include, in addition to the random data slices: MAC fragmentation and authentication key fragmentation. The target random data may include target authenticatable fragments of the respective participants, and target fragments in the target authenticatable fragments may include, in addition to the target data random fragments: target MAC fragmentation and target authentication key fragmentation. Any one of the participantsA kind of electronic deviceIndividual MAC slicesThe individual authentication key fragments satisfy equation (10). Here, the data random fragments of the random data correspond to the MAC fragments one by one. For example, data random fragmentation of multiplicative triplet random data includes:random fragmentation of first dataRandom fragmentation of the second dataAndrandom third dataSlicingThe corresponding MAC slices include:first MAC fragmentationSecond MAC fragmentationAndthird MAC fragmentation. Based on equation (10), equations (14) - (16) can be derived.
Formula (14)
Formula (15)
Formula (16)
Wherein the first MAC fragmentationIs a random fragmentation of the first dataMAC fragmentation of (2), second MAC fragmentationIs a second data random slice MAC fragmentation of third MAC fragmentationIs a third data random sliceMAC slices of (c).
In the embodiment of the application, the first target data random fragmentation in the target random dataAnd a first target MAC fragmentationSatisfying equation (17), the second target data random fragment in the target random dataAnd a second target MAC fragmentationSatisfying equation (18), the third target data random fragment in the target random dataAnd third target MAC fragmentationSatisfy equation (19).
Formula (17)
Formula (18)
Formula (19)
Illustratively, FIG. 3 shows a process for generating target multiplication triplet random data, as shown in FIG. 3, comprising: S21-S25.
S21、Respectively selecting random values from m first prime number domains;
in S21, the m first prime number fields include:、……. The first prime number field is exemplarily shown in FIG. 3First prime number domainAnd a first prime number domainIs performed in the following manner. Here, each participantThe selected random value includes a first random valueAnd a second random value. The random value in each first prime field may be chosen simultaneously.
S22、Executing multiplication triplet protocol in m first prime number domains respectively;
in S22, eachTaking the first random values on m first prime number domains as m first data random fragments Taking the second random values on the m first prime number domains as m second data random fragmentsThe method comprises the steps of carrying out a first treatment on the surface of the Random slicing based on multiple first dataAnd a plurality of second data random slicesGenerating a plurality of third data random slicesThe method comprises the steps of carrying out a first treatment on the surface of the Then, the MAC fragments of the first data random fragments are regenerated to obtain the first MAC fragmentsThe method comprises the steps of carrying out a first treatment on the surface of the Generating a second MAC slice of the second data random slice to obtain a second MAC sliceThe method comprises the steps of carrying out a first treatment on the surface of the Generating a third data random-sliced MAC slice to obtain a third MAC slice
S23、Generating multiplication triplet random data in m first prime number domains respectively;
in S23, eachGenerating m multiplication triplets of random data, each first prime fieldThe multiplication triplet random data in (a) includes: first data junctionStructureSecond data structureAnd a third data structure. First data structureComprising the following steps: n number ofRandom fragmentation of first data of (a)N numberIs of the first MAC fragmentation of (1)And n number ofAuthentication key sharding of (1). Second data structureComprising the following steps: n number ofRandom fragmentation of second data of (a)N numberSecond MAC slice of (a)And n number ofAuthentication key sharding of (1). Third data structureComprising the following steps: n number ofRandom fragmentation of third data of (2)N numberThird MAC slice of (a)And n number ofAuthentication key sharding of (1)
S24、Executing the Chinese remainder theorem;
in S24, eachFirst data random fragmentation requiring solving m first prime number domainsAs a first target data random sliceRandom fragmentation of second data in m first prime fieldsAs the second target dataMachine slicingThe method comprises the steps of carrying out a first treatment on the surface of the Random fragmentation of third data in m first prime fieldsAs a third target data random sliceThe method comprises the steps of carrying out a first treatment on the surface of the First MAC fragmentation in m first prime fieldsAs a first target MAC sliceThe method comprises the steps of carrying out a first treatment on the surface of the Second MAC fragmentation in m first prime fieldsAs a second target MAC fragmentationThe method comprises the steps of carrying out a first treatment on the surface of the Third MAC fragmentation in m first prime fieldsAs a third target MAC fragmentation. Authentication key sharding in m first prime fieldsIs used as target authentication key fragment
S25、Target multiplication triplet random data in a second prime number field is generated.
In S25, eachThe target multiplication triplet random data may be generated based on a result obtained by executing the chinese remainder theorem, the target multiplication triplet random data including: first target data structureSecond target data structureAnd a third target data structure . First target data structureComprising the following steps: random fragmentation of first target dataFirst target MAC fragmentationAuthentication key shardingThe method comprises the steps of carrying out a first treatment on the surface of the Second target data structureComprising the following steps: random fragmentation of second target dataSecond target MAC fragmentationAuthentication key shardingThe method comprises the steps of carrying out a first treatment on the surface of the Third target data structureComprising the following steps: third target data random fragmentationThird target MAC fragmentationAuthentication key sharding
In some embodiments of the present application, the shards are authenticatable shards, which are shards that perform a victim test, and through which the victim test passes. All the participants perform sacrifice detection on the authenticatable fragments, and if the sacrifice detection passes, the next operation is continued. Illustratively, all the participants perform sacrifice detection on the authenticatable slices in the plurality of random data, and under the condition that the sacrifice detection passes, the congruence solution of the plurality of authenticatable slices of each participant is determined based on the China remainder theorem and used as the target authenticatable slices of the participant in the second prime number domain. Here, the authenticatable fragment may include: authenticatable fragments generated by the multiplicative triplet protocol, authenticatable fragments generated by the square protocol, authenticatable fragments generated by the modulo inverse protocol, and authenticatable fragments generated by the bit protocol. The error value can be filtered through sacrifice detection, and congruence solutions can be calculated only by adopting authenticatable fragments passing through sacrifice detection, so that the accuracy of preprocessing can be improved.
Exemplary, participantsAfter the first data random slice, the second data random slice and the third data random slice are obtained, and the first MAC slice, the second MAC slice and the third MAC slice, the first data random slice, the second data random slice and the third data random slice can be used as authenticatable slices of random data together with authentication key slices; at this time, the participantsThe authenticatable fragments can be subjected to sacrifice detection, and then the authenticatable fragments passing through the sacrifice detection are processed based on China's law, so that corresponding target authenticatable fragments form target multiplication triplet random data; in this way, the target multiplication triplets can be improvedAccuracy of random data.
In some embodiments of the present application, the random data includes input random data; the implementation of obtaining the plurality of random data in the plurality of first prime number fields in S101, as shown in fig. 4, may include: S301-S302.
S301, selecting corresponding third random values from a plurality of first prime number domains; according to an input protocol, taking a plurality of third random values as a plurality of fourth data random fragments of a participant on a plurality of first prime number domains; the random data slicing of the input random data of the participant on any one of the first prime number domains comprises: the fourth data of each party on the first prime number field is randomly fragmented and the identity of the party is randomly determined.
In the present embodiment, each participantCan be in each first prime number domainIs selected to be a third random valueAnd directly serving as the random fourth data fragments of the participants in the corresponding first prime number domain to obtain a plurality of random fourth data fragments of each participant.
In the embodiment of the application, the participantsA plurality of third random values may beInput to input protocolThe resulting plurality of input random data. Participant(s)The input random data on the kth first prime number domain may include: each participantFourth data random fragmentation of (2)And the identification os of the data owner)。
S302, in the case that the party is the data owner, the data random slicing of the random data input by the party on any one of the first prime number domains further comprises: a fourth sum over the plurality of first prime number fields; the fourth sum over each first prime number field is the sum over the first prime number field of the fourth random fragmentation of data over the first prime number field for all participants.
In the embodiment of the present application, one of the n participants is a data owner, at this time, the input random data of the participant in the kth first prime number domain may further include a fourth sum in the kth first prime number domain See formula (20).
Formula (20)
Here, although the data owner is obtained by the input protocolRandom fragmentation of data held by himHe does not know the random fragmentation of data held by other parties
In an embodiment of the present application, the input random data output by the party as the data owner using the input protocol may include: fourth data structure on m first prime number domainsFourth sum over m first prime number domainsAnd an identification os of the data owner; the input random data output by other parties than the data owner using the input protocol may include: fourth data structure on m first prime number domainsAnd an identification os of the data owner. Wherein the fourth sum over m first prime number domainsOnly the data owner may be aware.
In some embodiments of the present application, the target random data comprises target input random data; the implementation of determining the target random data in S103 may include: randomly slicing fourth target dataIdentification os and fourth target sum of data ownersDetermining to input random data for the target of the data owner; and randomly slicing the fourth target dataAnd the identity os of the data owner determining to be the target input random data of the parties other than the data owner; wherein, the fourth target data is randomly sliced Including random fragmentation of fourth data over multiple first prime number domains for each participantIs a congruence solution of (2); fourth objectIs a plurality of fourth sumsIs a congruence solution of (2); fourth target data random fragmentation for all participantsThe sum over the second prime number domain is equal to the fourth target sumSee formula (21).
Formula (21)
It can be understood that, since the input random data can be generated in the plurality of first prime number domains at the same time, the input random data in the plurality of first prime number domains and the chinese remainder theorem are utilized to determine the target input random data in the second prime number domain, thereby improving the generation efficiency of the target input random data in the preprocessing stage.
In some embodiments, the input random data further includes a fourth MAC slice and an authentication key slice, the fourth MAC slice being a MAC slice of the fourth random data slice. Random data slicing for inputting random data includesRandom fragmentation of fourth dataThe corresponding MAC slices include:fourth MAC fragmentation. Based on equation (10), equation (22) can be derived.
Formula (VI)(22)
In the embodiment of the application, the fourth target data random fragmentation in the target random dataAnd fourth target MAC fragmentationSatisfies the formula (23), Formula (23)
By way of example, fig. 5 illustrates a process for generating target input random data, as shown in fig. 5, comprising: S31-S35.
S31、Respectively selecting random values from each first prime number domain;
in S31, each first prime number field includes:、……. The first prime number field is exemplarily shown in FIG. 5First prime number domainAnd a first prime number domainIs performed in the following manner. Here, each ofThe selected random value includes a third random value. The random value in each first prime field may be chosen simultaneously.
S32, each prescriptionExecuting an input protocol in each first prime number domain;
in S32, eachThe third random value may beAfter being input into the input protocol, the fourth data random fragmentation can be obtainedAnd a data owner identification os. Random slicing based on fourth dataObtaining a fourth MAC slice. Then as the data ownerFourth data random fragmentation on a per-participant basisAnd input protocol generation fourth sum
S33、Generating input random data in each first prime number domain respectively;
in S33, eachCan generate m pieces of input random data, and data ownersThe input random data in the kth first prime number domain includes: fourth data structureFourth and A data owner identity os; divisor data ownerOther participants than) The input random data in the kth first prime number domain includes: fourth data structureAnd an identification os of the data owner. Wherein the fourth data structureComprising the following steps: fourth data random slicingFourth MAC fragmentationAuthentication key sharding
S34、Executing the Chinese remainder theorem;
in S34, each participantThe congruence solution of the random fragmentation of the fourth data in m first prime number domains needs to be solved as the fourthRandom fragmentation of target dataThe method comprises the steps of carrying out a first treatment on the surface of the As the data ownerAlso needed to solve m fourth sumsAs a fourth object andthe method comprises the steps of carrying out a first treatment on the surface of the Fourth MAC fragmentation in m first prime fieldsAs a fourth target MAC fragmentation. Authentication key sharding in m first prime fieldsIs used as target authentication key fragment
S35、Target input random data in a second prime number field is generated.
In S35, each participantThe target input random data may be generated based on a result of performing the chinese remainder theorem. Wherein, the data ownerThe target input random data of (1) includes: fourth target data structureFourth objectAnd an identification os of the data owner. Divisor data owner The target input random data of other participants includes: fourth target data structureAnd an identification os of the data owner. Fourth target data structureComprising the following steps: fourth target data random fragmentationFourth target MAC fragmentationAnd target authentication key sharding
In some embodiments of the present application, the random data comprises square random data; the implementation of obtaining the plurality of random data of the participants in the plurality of first prime number fields in S101, as shown in fig. 6, may include: S401-S402.
S401, selecting a corresponding fourth random value from the plurality of first prime number domains, as a fifth random slice of data of the participant on the plurality of first prime number domains.
In the present embodiment, each participantAt each first prime number domainA fifth random value is selectedAs the fifth number of the participant in a corresponding one of the first prime fieldsAnd obtaining a plurality of fifth data random fragments of each participant according to the random fragments.
S402, determining a sixth data random slice on the plurality of first prime number domains based on the fifth data random slice on the plurality of first prime number domains and a square protocol; the square of the sum of the fifth data random fragments of all the participants in any one first prime number domain in the first prime number domain is equal to the sum of the sixth data random fragments of all the participants in the first prime number domain; the data random slicing of square random data of the participant on any first prime number domain comprises: the fifth data of each participant on the first prime number field is randomly sliced and the sixth data of each participant on the first prime number field is randomly sliced.
In the embodiment of the application, the random data includes square random data, and the participants need to follow a square protocolRandomly slicing according to a plurality of fifth dataDetermining a plurality of sixth data random slices. Each sixth data is randomly sliced in a corresponding first prime number domain, n participators are in any one of the first prime number domainsRandom fragmentation of sixth data of (2)Satisfy equation (24).
Formula (24)
In the embodiment of the application, square random data output by each participant by using a square protocol includes: fifth data structure on m first prime number domainsAnd a sixth data structure over m first prime number fields
In some embodiments of the present application, the target random data comprises target square random data; the implementation of determining the target random data in S103 may include: randomly slicing fifth target dataAnd sixth target data random fragmentationDetermining square random data as a target; wherein, the fifth target data is randomly slicedIncluding fifth data random fragmentation of each participant over multiple first prime number domainsIs a congruence solution of (2); sixth target data random fragmentationIncluding a sixth data random fragmentation of each participant over a plurality of first prime number fields Is a congruence solution of (2); the square of the sum of the random fragmentation of the fifth target data of all the participants over the second prime number field is equal to the sum of the random fragmentation of the sixth target data of all the participants over the second prime number field, see equation (25).
Formula (25)
It can be understood that, since square random data can be generated in a plurality of first prime number domains at the same time, the square random data in a plurality of first prime number domains and the Chinese remainder theorem are utilized to determine the target square random data in the second prime number domain, thereby improving the generation efficiency of the target square random data in the preprocessing stage.
In some embodiments, the shards may be authenticatable shards, which further include a fifth MAC shard, a sixth MAC shard, and an authentication key shard; the fifth MAC slice is the MAC slice of the fifth data random slice, and the sixth MAC slice is the MAC slice of the sixth data random slice. Thus, the data random slice of square random data of each participant comprisesRandom slicing of fifth dataAndrandom fragmentation of sixth dataThe corresponding MAC slices include:fifth MAC fragmentationAndsixth MAC slice. Based on equation (10), equations (26) - (27) can be derived.
Formula (26)
Formula (27)
In the embodiment of the application, the target is randomFifth target data random fragmentation in dataAnd a fifth target MAC fragmentationSatisfying equation (28), the sixth target data random fragment in the target random dataAnd a sixth target MAC fragmentationSatisfy equation (29).
Formula (28)
Formula (29)
Illustratively, fig. 7 shows a process of generating target square random data, as shown in fig. 7, including: S41-S45.
S41、Respectively selecting random values from each first prime number domain;
in S41, each first prime number field includes:、……. The first prime number field is exemplarily shown in FIG. 7First prime number domainAnd a first prime number domainIs performed in the following manner. Here, each ofThe selected random value includes a fourth random value. The random value in each first prime field may be chosen simultaneously.
S42、Executing a square protocol in each first prime number domain respectively;
in S42, eachRandom slicing of the fourth random value as the fifth dataThe method comprises the steps of carrying out a first treatment on the surface of the Random slicing based on fifth dataGenerating a sixth random slice of dataThe method comprises the steps of carrying out a first treatment on the surface of the Generating a fifth MAC slice of the fifth data random slice to obtain a fifth MAC sliceThe method comprises the steps of carrying out a first treatment on the surface of the Generating a MAC slice of the sixth data random slice to obtain a sixth MAC slice
S43、Generating square random data in each first prime number domain respectively;
in S43, eachGenerating square random data in m first prime number domains, wherein the square random data in the kth first prime number domain comprises: fifth data structureAnd a sixth data structure. Fifth data structureComprising the following steps: fifth data random slicingFifth MAC fragmentationAuthentication key sharding. Sixth data structureComprising the following steps: sixth data random slicingSixth MAC fragmentationAuthentication key sharding
S44、Executing the Chinese remainder theorem; in S44, eachThe congruence solution of the fifth random data fragment in m first prime domains needs to be solved to serve as the fifth target random data fragmentSixth data random fragmentation in m first prime fieldsAs a sixth target data random sliceThe method comprises the steps of carrying out a first treatment on the surface of the Fifth MAC fragmentation in m first prime fieldsAs a fifth target MAC sliceThe method comprises the steps of carrying out a first treatment on the surface of the Sixth MAC fragmentation in m first prime fieldsAs a sixth target MAC sliceThe method comprises the steps of carrying out a first treatment on the surface of the Authentication key sharding in m first prime fieldsIs used as target authentication key fragment
S45、Target square random data in a second prime number field is generated.
In S45, eachThe target square random data may be generated based on a result of performing the chinese remainder theorem, the target square random data including: fifth target data structure And sixth orderMark data structure. The fifth target data structure comprises: fifth target data random fragmentationFifth target MAC fragmentationAnd target authentication key shardingThe method comprises the steps of carrying out a first treatment on the surface of the The sixth target data structure comprises: sixth target data random fragmentationSixth target MAC fragmentationAnd target authentication key sharding
In some embodiments, the slices may be authenticatable slices, where the authenticatable slices include a fifth data random slice, a fifth MAC slice, a sixth data random slice, a sixth MAC slice, and an authentication key slice, each participant may perform sacrificial detection on the authenticatable slices, and then process the authenticatable slices passing the sacrificial detection based on the chinese remainder theorem to obtain target square random data; in this way, the accuracy of the target square random data can be improved.
In some embodiments of the present application, the random data comprises modulo inverse random data; the implementation of obtaining the plurality of random data of the participants in the plurality of first prime number fields in S101, as shown in fig. 8, may include: S501-S503.
S501, selecting a corresponding fifth random value and sixth random value from the plurality of first prime number domains.
S502, randomly slicing a plurality of seventh data with a plurality of fifth random values as participants.
In the embodiment of the applicationEach participantAt each first prime number domainSelecting a fifth random valueAnd a sixth random valueFifth random valueAnd randomly slicing the seventh data in the corresponding first prime number domain as the participant to obtain a plurality of seventh data random slices.
S503, determining eighth data random fragments of the participant on a plurality of first prime number domains based on a plurality of seventh data random fragments, a plurality of sixth random values and a modulo inverse protocol; the modulo inverse of the sum of all the participants on the seventh data random slice of any one of the first prime number domains is equal to the sum of all the participants on the eighth data random slice of the first prime number domain; the data random slicing of the modulo inverse random data of the participant on any one of the first prime number domains comprises: the seventh data of each participant on the first prime number domain is randomly sliced and the eighth data of each participant on the first prime number domain is randomly sliced.
In embodiments of the present application, the random data includes modulo inverse random data, with each participantRequiring compliance with the modulo inversion protocolRandom slicing according to seventh dataAnd a sixth random valueDetermining eighth data random fragmentation. Each eighth data is randomly sliced in a corresponding first prime number domain, n participators are in any one of the first prime number domains Eighth data random fragmentation of (2)The sixth random value of the n participants over the first prime number field and the eighth random fragmentation of the n participants over the first prime number field satisfy equation (30) to obtain equation (31).
Formula (30)
Formula (31)
All calculations here occur atIn the ciphertext state.
In the present embodiment, each participantIn the modulo reverse random data output by using the modulo reverse protocol, the slicing includes: seventh data structure on m first prime number domainsAnd an eighth data structure over m first prime number fields
In some embodiments of the present application, the target random data comprises target simulated random data; the implementation of the target random data is determined in S103,may include: randomly slicing the seventh target dataAnd eighth target data random fragmentationDetermining target simulation random data; wherein the seventh target data is randomly slicedIncluding a seventh random fragmentation of data over a plurality of first prime number fields for each participantIs a congruence solution of (2); eighth target data random fragmentationIncluding eighth data random fragmentation of each participant over multiple first prime number domainsIs a congruence solution of (2); seventh target data random fragmentation for all participants The modulo inverse of the sum over the second prime number field is equal to the eighth target data random fragmentation for all participantsThe sum over the second prime number domain, see equation (32).
Formula (32)
It can be understood that, because the modulo inverse random data can be generated in the multiple first prime domains at the same time, and then the modulo inverse random data in the multiple first prime domains and the Chinese remainder theorem are utilized to determine the target modulo inverse random data in the second prime domain, the generation efficiency of the target modulo inverse random data in the preprocessing stage can be improved.
In some embodimentsIn an example, the slices may be authenticatable slices, where the authenticatable slices further include a seventh MAC slice, an eighth MAC slice, and an authentication key slice; the seventh MAC slice is a MAC slice of the seventh random data slice, and the eighth MAC slice is a MAC slice of the eighth random data slice. Thus, the data random slice of the modulo inverse random data comprisesSeventh data random slicingAndeighth data random fragmentationThe corresponding MAC slices include:seventh MAC fragmentationAndeighth MAC slice. Based on the formula (10), formulas (33) - (34) can be obtained.
Formula (33)
Formula (34)
In the embodiment of the application, the seventh target data random fragmentation in the target random data And a seventh target MAC fragmentationSatisfying equation (35), eighth target data random fragment in target random dataAnd eighth destination MAC fragmentationSatisfy equation (36).
Formula (35)
Formula (36)
Illustratively, fig. 9 shows a flow based on generating target modulo inverse random data, as shown in fig. 9, comprising: S51-S55.
S51、Respectively selecting random values from each first prime number domain;
in S51, each first prime number field includes:、……. The first prime number field is illustratively shown in the figureFirst prime number domainAnd a first prime number domainIs performed in the following manner. Here, each ofThe selected random values include a fifth random valueAnd a sixth random value. The random value in each first prime field may be chosen simultaneously.
S52、Performing a modulo inverse protocol in each first prime number domain, respectively;
in S52, eachThe fifth random value can be used as the seventh data random fragmentationThe method comprises the steps of carrying out a first treatment on the surface of the Random slicing based on seventh dataAnd a sixth random valueGenerating eighth data random fragmentsThe method comprises the steps of carrying out a first treatment on the surface of the Generating a seventh MAC burst of the random data burst to obtain a seventh MAC burstThe method comprises the steps of carrying out a first treatment on the surface of the Generating an eighth MAC slice of the random data slice to obtain an eighth MAC slice
S53、Generating modular inverts in each first prime field separatelyRandom data;
In S53, eachGenerating m modulo inverse random data, the modulo inverse random data in the kth first prime domain including: seventh data structureAnd an eighth data structure. Seventh data structureComprising the following steps: seventh data random slicingSeventh MAC fragmentationAuthentication key sharding. Eighth data structureComprising the following steps: eighth data random fragmentationEighth MAC fragmentationAuthentication key sharding
S54、Executing the Chinese remainder theorem;
in S54, eachRequiring solving m first prime fieldsThe congruence solution of the seventh random data fragment as the seventh target random data fragmentEighth data random fragmentation in m first prime fieldsAs the eighth target data random sliceThe method comprises the steps of carrying out a first treatment on the surface of the Seventh MAC fragmentation in m first prime fieldsAs a seventh target MAC fragmentationThe method comprises the steps of carrying out a first treatment on the surface of the Eighth MAC fragmentation in m first prime fieldsAs the eighth target MAC sliceThe method comprises the steps of carrying out a first treatment on the surface of the Authentication key sharding in m first prime fieldsIs used as target authentication key fragment
S55、Target modulo inverse random data in a second prime number domain is generated.
In S55, eachThe target modulo-inverse random data may be generated based on a result obtained by executing the chinese remainder theorem, the target modulo-inverse random data including: seventh target data structure And an eighth target data structure. The seventh target data structure comprises: seventh target data random fragmentationSeventh target MAC fragmentationAnd target authentication key shardingThe method comprises the steps of carrying out a first treatment on the surface of the The eighth target data structure comprises: eighth target data random fragmentationEighth destination MAC fragmentationAnd target authentication key sharding
In some embodiments, the slices may be authenticatable slices, where the authenticatable slices include a seventh data random slice, a seventh MAC slice, an eighth data random slice, an eighth MAC slice, and an authentication key slice, each participant may perform sacrifice detection on the authenticatable slices, and then process the authenticatable slices passing the sacrifice detection based on the chinese remainder theorem to obtain target modulo inverse random data; thus, the accuracy of the target modulo inverse random data can be improved.
In some embodiments of the present application, the random data comprises bit random data; the implementation of obtaining the plurality of random data of the participants in the plurality of first prime number fields in S101, as shown in fig. 10, may include: S601-S603.
S601, selecting a seventh random value in a first prime number domain;
s602, performing bit protocol on the seventh random value to obtain a first ninth data random fragment of the participant in the first prime number domain.
In the present embodiment, each participantCan be in a first prime number domainA seventh random value is selectedThe method comprises the steps of carrying out a first treatment on the surface of the After the bit protocol is executed, the first prime number domain is obtainedRandom fragmentation of the first ninth data in (a)Thereby obtaining the first ninth data random fragmentation of the n participators
S603, determining other ninth data random fragments of each participant on other first prime number domains except the first prime number domain based on a first ninth data random fragment and fragment conversion technology of each participant; the sum of the ninth data random fragments of all the participants in any one first prime number domain in the first prime number domain is equal to one bit; each other ninth data is randomly sliced in the corresponding other first prime number field; the data random slices of the bit random data include a first ninth data random slice and other ninth data random slices.
In the embodiment of the application, each participant obtains the first ninth data random fragmentationThereafter, the first ninth data of each participant may be randomly fragmentedAdding a random mask of a corresponding party to obtain a conversion fragment of each party; conversion fragments are also in the first prime number domain Is a kind of medium. Then, by using the first prime number domainDetermining m-1 other ninth data random fragments in other m-1 other first prime domains by the conversion fragments in (a) and the first ninth data random fragments; in this way, all ninth data random slices for each participant can be determined. It should be noted that, the sum of the ninth data random fragments of all the participants in any one first prime number domain in the corresponding first prime number domain is equal to one bit; one bit may be 0 or 1, see equation (37).
Formula (37)
In some embodiments, after the first ninth data random fragmentation is obtained, each participant may perform sacrifice detection on the first ninth data random fragmentation, and then perform bit fragmentation on the first ninth data random fragmentation passed by the sacrifice detection based on the fragmentation conversion technology, so that accuracy in determining other ninth data random fragments can be improved.
It can be understood that, on the large prime number domain, the generation of the target bit random data requires the quadratic residue of a single random value on the prime number domain, and if the quadratic residue on each small prime number domain is directly calculated by using the Chinese residue theorem, the single random value on the large integer domain exists A plurality of secondary residuals, generating a plurality of error values; moreover, these error values are difficult to check by victim detection techniques or other bit-slice detection techniques. And each participant converts the ninth data random fragments on the first prime number domain through a fragment conversion technology to obtain fragments on other m-1 first prime number domains. In this way, the life can be improvedAccuracy of the bit-wise random data.
In some embodiments of the present application, determining, in S603, implementation of random fragmentation of the ninth data of each participant on the other first pixel domains except the first pixel domain based on the random fragmentation of the first ninth data of each participant and the fragmentation conversion technique, as shown in fig. 11, may include: S701-S702.
S701, adding a first ninth data random fragment of the participant and a random mask of the participant on a first prime number domain to obtain a self conversion fragment; the sum of the random masks of all participants is smaller than the modulus of the first prime number field.
In the embodiment of the application, each participant has its own random maskFor randomly slicing the first and ninth data of the sameAdding to obtain self conversion fragments See equation (38).
Formula (38)
Wherein the random mask of any one partyFor bit length less thanSubtracting outIs a random value of the difference value of (c). In this manner, the sum of the conversion slices for each participant obtained by equation (38) may be in the first prime range.
S702, determining other ninth data random fragments of the participants based on the random data fragments of 0 of the participants, the total conversion fragments, the random mask of each participant and the modes of other first prime number domains of the participants; the total conversion tile is the sum of the conversion tiles of all participants.
In the embodiment of the application, each participant obtains own conversion fragmentsThen, the domain sums of the conversion fragments of all the participants can be calculated to obtain the total conversion fragmentsSee equation (39).
Formula (39)
In the embodiment of the present application, each participant holds a random data slice of 0, and any one other participant may generate other ninth data random slices of any one first participant in the other participants by using the total conversion slices and the random data slices of 0 of itself, and other ninth data random slices of other participants except the first participant may not be generated by using the total conversion slices.
In some embodiments of the present application, determining the implementation of the other ninth data random fragmentation of each other party in S702 based on the random data fragmentation of 0, the total transition fragmentation, the random mask of each party, and the modulus of the other first prime number domain of the party, as shown in fig. 12, may include: S801-S802.
S801, under the condition that the participant is the first participant, on each other first prime number domain, the sum of the total conversion fragments on the other first prime number domains and the random mask of the participant and the data random fragments of 0 on the other first prime number domains is utilized to obtain other ninth data random fragments of the participant.
In the embodiment of the application, the first party) Can be any one of n participators, and in the case of the first participator, the other participators besides the first participator) Is also determined.Is a participantHolding 0 data randomly fragmented, first partyOther ninth data random fragments may be determined according to equation (40)Wherein, the method comprises the steps of, wherein,
formula (40)
S802, under the condition that the participant is other participants except the first participant, on each other first prime number domain, the modulus subtraction of the random data fragments of 0 of the participant and the random mask is calculated, and other ninth data random fragments are obtained.
In the embodiment of the application, other participatorsCan be according toEquation (41) determines other ninth data random fragmentsWherein, the method comprises the steps of, wherein,
formula (41)
It can be understood that each participant can determine other ninth data random fragments by data random fragments of 0, total conversion fragments, first ninth data random fragments in the first prime number domain, and make other ninth data random fragments in other first prime number domains; in this way, bit random data can be accurately generated.
In an embodiment of the present application, in the bit random data in the kth first prime number domain output by each participant using the bit protocol, the sharding may include a ninth data structure on each first prime number domain
In some embodiments of the present application, the target random data comprises target bit random data; the implementation of determining the target random data in S103 may include: randomly slicing the ninth target dataDetermining the random data as target bit; wherein, the ninth target data is randomly slicedIncluding ninth data random fragmentation of each participant over multiple first prime number domainsIs a congruence solution of (2); ninth target data random fragmentation for all participants The sum over the second prime number field is equal to one bit, see equation (42).
Formula (42)
It can be understood that, because the bit random data can be generated in the multiple first prime number domains at the same time, the bit random data in the multiple first prime number domains and the Chinese remainder theorem are utilized to determine the target bit random data in the second prime number domain, thereby improving the generation efficiency of the target bit random data in the preprocessing stage.
In some embodiments, the shards may be authenticatable shards, which further include a ninth MAC shard and an authentication key shard; the ninth MAC slice is a MAC slice of the ninth random data slice. Thus, the data random slice of the bit random data of each participant comprisesNinth data random slicingThe corresponding MAC fragment includesNinth MAC fragmentation. Based on equation (10), equation (43) can be derived.
Formula (43)
In the embodiment of the application, the ninth target data random fragmentation in the target random dataAnd a ninth target MAC fragmentationSatisfy formula (44)。
Formula (44)
Illustratively, fig. 13 shows a process of generating target bit random data, as shown in fig. 13, including: S61-S68.
S61、Selecting a random value from a first prime number field;
in S61, all the first prime number fields include:、……. The first prime number field is exemplarily shown in FIG. 13First prime number domainAnd a first prime number domainIs performed in the following manner. Here, each ofSelected in the first prime number domainThe random value in (a) is the first and sixth random values
S62, each prescriptionAt the first prime numberExecuting bit protocol in domain;
in S62, eachBased on the bit protocol, the first sixth random value can be used as the first ninth data random fragmentationThe method comprises the steps of carrying out a first treatment on the surface of the Random fragmentation based on first and ninth dataGenerating a first ninth MAC slice of the random data slices to obtain a first ninth MAC slice
S63、Generating bit random data in a first prime number domain;
in S63, eachGenerating bit random data in a first prime number domain, i.e., first bit random data, the first bit random data comprising: first and ninth data structures. First and ninth data structuresComprising the following steps: first ninth data random fragmentationFirst ninth MAC sliceAuthentication key sharding
S64、Performing a shard conversion in the other first prime number domain;
in S64, the other first prime number field includes: 、……. Here, each ofRandom fragmentation based on first and ninth dataPerforming fragment conversion to obtain random fragments of other ninth data. Wherein,
S65、generating MAC fragments in other first prime number domains;
in S65, eachGenerating other ninth MAC fragments based on other ninth data random fragments
S66, respectively generating bit random data in other first prime number domains;
in S66, eachGenerating bit random data in other m-1 first prime domains, each first prime domain including: other ninth data structures. Other ninth data structuresComprising the following steps: other ninth data random slicingOther ninth MAC fragmentationAuthentication key sharding. Wherein,
S67、executing the Chinese remainder theorem;
in S67, the participantsThe congruence solution of the random fragmentation of the ninth data in m first prime domains needs to be solved as the random fragmentation of the ninth target dataAnd a ninth MAC slice in m first prime fieldsAs a ninth target MAC sliceThe method comprises the steps of carrying out a first treatment on the surface of the Authentication key sharding in m first prime fieldsIs used as target authentication key fragment
S68、Target bit random data in a second prime number field is generated.
In S68, the participants The target bit random data may be generated based on a result of performing the chinese remainder theorem, the target bit random data including: ninth target data structure. The ninth target data structure comprises: ninth target data random fragmentationNinth target MAC fragmentationAnd target authentication key sharding
In some embodiments, the slices may be authenticatable slices, where the authenticatable slices include a ninth data random slice, a ninth MAC slice, and an authentication key slice, and at this time, each participant may perform a sacrificial detection technique on the authenticatable slices, and process the authenticatable slices passing the sacrificial detection based on the chinese remainder theorem to obtain target bit random data; in this way, the target bit random data can be accurately generated.
It should be noted that, in the preprocessing stage, if the target random data does not include MAC fragmentation, the generating process does not perform sacrifice detection, and zero knowledge proof and encryption commitment are not involved, the method is applicable to the SPDZ series protocol of the passive security version. If the target random data comprises MAC fragmentation, the generation process performs sacrifice detection, and zero knowledge proof and encryption promise are adopted, the method is applicable to SPDZ series protocols of positive safety versions.
Based on the above random data generating method, the embodiment of the present application further provides a random data generating device, which is applied to multiparty security computation, as shown in fig. 14, each participant includes a random data generating device 900, where the random data generating device 900 includes:
an acquisition module 901, configured to acquire a plurality of random data of a participant in a plurality of first prime number domains; each piece of random data is in a corresponding first prime number domain; the random data on each first prime number domain includes a slice of each participant on the first prime number domain; the slicing includes: randomly slicing data;
a determining module 902, configured to determine, based on a chinese remainder theorem, a congruence solution of the random data slicing of the participant in the plurality of first prime number domains, as a target random data slicing of the participant in the second prime number domain; the product of the modes of the plurality of first prime number domains is equal to the mode of the second prime number domain; determining target random data, wherein the target random data comprises target fragments of all participants; the target shard includes the target data random shard.
In some embodiments, the random data comprises multiplicative triplet random data; the obtaining module 901 is further configured to select corresponding first random values from a plurality of first prime number domains, as first random data fragments of the participant on the plurality of first prime number domains; and selecting a corresponding second random value from the plurality of first prime number domains as a second random slice of data of the participant over the plurality of first prime number domains; determining a third data random fragment of the participant on a plurality of first prime number domains according to a plurality of first data random fragments, a plurality of second data random fragments and the multiplication triplet protocol of the participant; wherein a sum of first data random slices in any one first prime number domain of all participants over the first prime number domain is modulo-multiplied with a sum of second data random slices in the first prime number domain of all the participants over the first prime number domain, equal to a sum of third data random slices in the first prime number domain of all the participants over the first prime number domain; the random data slicing of the multiplication triplet random data of the participant in any one first prime number domain comprises: the first data of each participant on the first prime number domain is randomly sliced, the second data of each participant on the first prime number domain is randomly sliced, and the third data of each participant on the first prime number domain is randomly sliced.
In some embodiments, the target random data comprises target multiplication triplet random data; the determining module 902 is further configured to determine the first target data random slice, the second target data random slice, and the third target data random slice as the target multiplication triplet random data; the first target data random fragmentation comprises congruence solutions of first data random fragmentation of each participant on a plurality of first prime number domains; the second target data random fragmentation comprises congruence solutions of the second data random fragmentation of each participant on a plurality of first prime number domains; the third target data random fragmentation comprises congruence solutions of the third data random fragmentation of each participant on a plurality of first prime number domains; the sum of the random fragments of the first target data of all the participants on the second prime number domain is multiplied by the sum of the random fragments of the second target data of all the participants on the second prime number domain, and the sum of the random fragments of the third target data of all the participants on the second prime number domain is equal.
In some embodiments, the random data comprises input random data; the obtaining module 901 is further configured to select a corresponding third random value from the plurality of first prime domains; according to an input protocol, taking a plurality of the third random values as a plurality of fourth data random fragments of the participant on a plurality of first prime number domains; the random data slicing of the input random data of the participant on any one first prime number domain comprises the following steps: a fourth data random fragment of each participant on the first prime number domain and an identification of the data owner; in the case that the party is a data owner, the data random slicing of the input random data of the party on any one of the first prime number domains further includes: a fourth sum over the plurality of first prime number fields; the fourth sum over each first prime number field is the sum over the first prime number field of the fourth random fragmentation of data over the first prime number field for all participants.
In some embodiments, the target random data comprises target input random data; the determining module 902 is further configured to randomly segment fourth target data, an identifier of a data owner, and fourth target and the target determined to be the data owner, and input random data; and determining the fourth target data random shard and the identity of the data owner as the target input random data for parties other than the data owner; the fourth target data random fragmentation comprises congruence solutions of the fourth data random fragmentation of each participant on a plurality of first prime number domains; the fourth target sum is a congruence solution of a plurality of the fourth sums; the sum of the fourth target data random fragments of all the participants on the second prime number domain is equal to the fourth target sum.
In some embodiments, the random data comprises square random data; the obtaining module 901 is further configured to select a corresponding fourth random value from the plurality of first prime number domains, as a fifth random data slice of the participant on the plurality of first prime number domains; determining a sixth data random slice on the plurality of first prime number domains based on the fifth data random slice on the plurality of first prime number domains and a square protocol; the square of the sum of the fifth data random fragmentation of all the participants in any one first prime number domain in the first prime number domain is equal to the sum of the sixth data random fragmentation of all the participants in the first prime number domain; the random data slicing of the square random data of the participant in any first prime number domain comprises: the fifth data of each participant on the first prime number field is randomly sliced and the sixth data of each participant on the first prime number field is randomly sliced.
In some embodiments, the target random data comprises target square random data; the determining module 902 is further configured to determine a fifth target data random slice and a sixth target data random slice as the target square random data; wherein the fifth target data random fragmentation comprises a congruence solution of the fifth data random fragmentation of each participant over a plurality of first prime number domains; the sixth target data random slicing comprises congruence solutions of the sixth data random slicing of each participant on a plurality of first prime number domains; the square of the sum of the random fragmentation of the fifth target data of all the participants over the second prime number field is equal to the sum of the random fragmentation of the sixth target data of all the participants over the second prime number field.
In some embodiments, the random data comprises modulo inverse random data; the obtaining module 901 is further configured to select a corresponding fifth random value and a sixth random value from the plurality of first prime number domains; randomly slicing a plurality of the fifth random values as a plurality of seventh data of the participants; determining an eighth random data slice of the participant over a plurality of first prime number domains based on a plurality of the seventh random data slices, a plurality of the sixth random values, and a modulo inverse protocol; the modulo inverse of the sum of all the participants on the seventh data random slice of any one first prime number domain is equal to the sum of all the participants on the eighth data random slice of the first prime number domain; the random data slicing of the modulo inverse random data of the participant in any one of the first prime number domains comprises: the seventh data of each participant on the first prime number field is randomly sliced and the eighth data of each participant on the first prime number field is randomly sliced.
In some embodiments, the target random data comprises target simulated random data; the determining module 902 is further configured to determine a seventh target data random slice and an eighth target data random slice as the target simulated random data; wherein the seventh target data random slice comprises a congruence solution of the seventh data random slice of each participant on the plurality of first prime number domains; the eighth target data random slicing comprises congruence solutions of the eighth data random slicing of each participant on a plurality of first prime number domains; the modulo inverse of the sum of the seventh target data random slices of all the participants over the second prime number domain is equal to the sum of the eighth target data random slices of all the participants over the second prime number domain.
In some embodiments, the random data comprises bit random data; the obtaining module 901 is further configured to select a seventh random value in the first prime number domain; performing a bit protocol on the seventh random value to obtain a first ninth data random fragment of the participant in the first prime number; determining, based on the first ninth data random fragmentation and fragmentation conversion technique for each participant, other ninth data random fragmentation for each participant over other first prime number fields than the first prime number field; the sum of the ninth data random fragments of all the participators in any one first prime number domain in the first prime number domain is equal to one bit; each of the other ninth data is randomly sliced in a corresponding other first prime number field; the data random fragments of the bit random data include the first ninth data random fragment and the other ninth data random fragments.
In some embodiments, the obtaining module 901 further includes a converting module 9011, where the converting module 9011 is configured to add the first ninth data random slice of the participant and the random mask of the participant in the first prime number domain to obtain a self conversion slice; the sum of the random masks of all participants is less than the modulus of the first prime number field; determining other ninth data random slices of the participants based on the random data slices of 0 of the participants, the total conversion slices, the random mask of each participant, and a modulus of other first prime number domains of the participants; the total conversion tile is the sum of the conversion tiles of all participants.
In some embodiments, the conversion module 9011 is further configured to, in a case where the participant is a first participant, obtain, on each other first prime number domain, another ninth data random slice of the first participant by using a sum of a total conversion slice on the other first prime number domain and a random mask of the participant, and a sum of the 0 data random slice on the other first prime number domain; and under the condition that the participant is other participants except the first participant, solving the data random fragmentation of 0 of the participant and the random mask module subtraction on each other first prime number domain to obtain the other ninth data random fragmentation.
In some embodiments, the target random data comprises target bit random data; the determining module 902 is further configured to determine a ninth target data random slice as the target bit random data; wherein the ninth target data random slicing comprises a congruence solution of the ninth data random slicing of each participant on a plurality of first prime number domains; the sum of the ninth target data random slices of all participants over the second prime number field is equal to one bit.
In some embodiments, the shards are authenticatable shards; the slicing further includes: authentication data fragmentation and authentication key fragmentation; the authentication data fragments correspond to the data random fragments one by one; the sum of the random fragmentation of the data of all the participants on any one first prime number domain on the first prime number domain is multiplied by the sum of the authentication key fragmentation of all the participants on the first prime number domain, and the modular multiplication is equal to the domain sum of all the participants on a plurality of the authentication data fragmentation of a plurality of first prime number domains; the determining module 902 is further configured to determine, based on the chinese remainder theorem, a congruence solution of the authentication data fragment of the party on the plurality of first prime number domains as a target authentication data fragment of the party on a second prime number domain; and determining, based on the chinese remainder theorem, a congruence solution of the authentication key shard of the party on a plurality of first prime number domains as the target authentication key shard of the party on a second prime number domain; the target tile further comprises: target authentication data shards and target authentication key shards.
In some embodiments, the shards are authenticatable shards that sacrifice detection pass.
Based on the random data generation method, the embodiment of the present application further provides an electronic device, as shown in fig. 15, where the electronic device 110 includes a memory 1107, a processor 1108, and a computer program stored in the memory 1107 and executable on the processor 1108; wherein the processor 1108 is operative to perform a random data generation method of multiparty security computation as in the previous embodiments, when executing said computer program.
It will be appreciated that the electronic device 110 also includes a bus system 1109; the various components in the electronic device 110 are coupled together by a bus system 1109. It is appreciated that the bus system 1109 is employed to facilitate connected communications between these components. The bus system 1109 includes a power bus, a control bus, and a status signal bus in addition to a data bus.
It will be appreciated that the memory in embodiments of the present application may be either volatile memory or nonvolatile memory, and may include both volatile and nonvolatile memory. The nonvolatile Memory may be Read Only Memory (ROM), programmable Read Only Memory (Programmable Read-Only Memory, PROM), erasable programmable Read Only Memory (Erasable Programmable Read-Only Memory, EPROM), electrically erasable programmable Read Only Memory (Electrically Erasable Programmable Read-Only Memory, EEPROM), magnetic random access Memory (Ferromagnetic Random Access Memory, FRAM), flash Memory (Flash Memory), magnetic surface Memory, optical disk, or compact disk Read Only (Compact Disc Read-Only Memory, CD-ROM), among others. The volatile memory may be random access memory (Random Access Memory, RAM) which acts as an external cache. By way of example, and not limitation, many forms of RAM are available, such as static random access memory (Static Random Access Memory, SRAM), synchronous static random access memory (Synchronous Static Random Access Memory, SSRAM), dynamic random access memory (Dynamic Random Access Memory, DRAM), synchronous dynamic random access memory (Synchronous Dynamic Random Access Memory, SDRAM), double data rate synchronous dynamic random access memory (Double Data Rate Synchronous Dynamic Random Access Memory, ddr SDRAM), enhanced synchronous dynamic random access memory (Enhanced Synchronous Dynamic Random Access Memory, ESDRAM), synchronous link dynamic random access memory (SyncLink Dynamic Random Access Memory, SLDRAM), direct memory bus random access memory (Direct Rambus Random Access Memory, DRRAM). The memory described in the embodiments of the present application is intended to comprise, without being limited to, these and any other suitable types of memory.
The method disclosed in the embodiments of the present application may be applied to a processor or implemented by a processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or by instructions in the form of software. The processor may be a general purpose processor, DSP, or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. The processor may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present application. The general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in the embodiments of the present application may be directly embodied in a hardware decoding processor or implemented by a combination of hardware and software modules in the decoding processor. The software modules may be located in a storage medium having memory and a processor reading information from the memory and performing the steps of the method in combination with hardware.
The present embodiments provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the above method.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described device embodiments are merely illustrative, and for example, the division of modules is merely a logical function division, and other divisions may be implemented in practice, such as: multiple modules or components may be combined, or may be integrated into another system, or some features may be omitted, or not performed. In addition, the various components shown or discussed may be coupled or directly coupled or communicatively coupled to each other via some interface, whether indirectly coupled or communicatively coupled to devices or modules, whether electrically, mechanically, or otherwise.
The foregoing is merely exemplary embodiments of the present application and is not intended to limit the scope of the present application. Any modifications, equivalent substitutions, improvements, etc. that are within the spirit and scope of the present application are intended to be included within the scope of the present application.

Claims (17)

1. A method of generating random data for use in a multiparty security calculation, the method comprising:
acquiring a plurality of random data of a participant on a plurality of first prime number domains; each piece of random data is in a corresponding first prime number domain; the random data on each first prime number domain includes a slice of each participant on the first prime number domain; the slicing includes: randomly slicing data;
Based on the Chinese remainder theorem, determining congruence solutions of the random data slicing of the participant on a plurality of first prime number domains as target random data slicing of the participant on a second prime number domain; the product of the modes of the plurality of first prime number domains is equal to the mode of the second prime number domain;
determining target random data, wherein the target random data comprises target fragments of all participants; the target shard includes the target data random shard.
2. The method of claim 1, wherein the random data comprises multiplicative triplet random data; the acquiring a plurality of random data of the participant on a plurality of first prime number fields includes:
selecting corresponding first random values from a plurality of first prime number domains as first data random fragments of the participant on the plurality of first prime number domains; and selecting a corresponding second random value from the plurality of first prime number domains as a second random slice of data of the participant over the plurality of first prime number domains;
determining a third data random fragment of the participant on a plurality of first prime number domains according to a plurality of first data random fragments, a plurality of second data random fragments and the multiplication triplet protocol of the participant; wherein a sum of first data random slices in any one first prime number domain of all participants over the first prime number domain is modulo-multiplied with a sum of second data random slices in the first prime number domain of all the participants over the first prime number domain, equal to a sum of third data random slices in the first prime number domain of all the participants over the first prime number domain;
The random data slicing of the multiplication triplet protocol data of the participant in any one first prime number domain comprises: the first data of each participant on the first prime number domain is randomly sliced, the second data of each participant on the first prime number domain is randomly sliced, and the third data of each participant on the first prime number domain is randomly sliced.
3. The method of claim 2, wherein the target random data comprises target multiplication triplet random data; the determining target random data includes:
determining the first target data random fragment, the second target data random fragment and the third target data random fragment as the target multiplication triplet random data; wherein,
the first target data random fragmentation comprises congruence solutions of first data random fragmentation of each participant on a plurality of first prime number domains; the second target data random fragmentation comprises congruence solutions of the second data random fragmentation of each participant on a plurality of first prime number domains; the third target data random fragmentation comprises congruence solutions of the third data random fragmentation of each participant on a plurality of first prime number domains;
The sum of the random fragments of the first target data of all the participants on the second prime number domain is multiplied by the sum of the random fragments of the second target data of all the participants on the second prime number domain, and the sum of the random fragments of the third target data of all the participants on the second prime number domain is equal.
4. The method of claim 1, wherein the random data comprises input random data; the acquiring a plurality of random data of the participant on a plurality of first prime number fields includes:
selecting a corresponding third random value from the plurality of first prime number domains; according to an input protocol, taking a plurality of the third random values as a plurality of fourth data random fragments of the participant on a plurality of first prime number domains; the random data slicing of the input random data of the participant on any one first prime number domain comprises the following steps: a fourth data random fragment of each participant on the first prime number domain and an identification of the data owner;
in the case that the party is a data owner, the data random slicing of the input random data of the party on any one of the first prime number domains further includes: a fourth sum over the plurality of first prime number fields; the fourth sum over each first prime number field is the sum over the first prime number field of the fourth random fragmentation of data over the first prime number field for all participants.
5. The method of claim 4, wherein the target random data comprises target input random data; the determining target random data includes:
random fragmentation of fourth target data, identification of a data owner, and fourth target and the target determined to be the data owner are input with random data; and determining the fourth target data random shard and the identity of the data owner as the target input random data for parties other than the data owner; wherein,
the fourth target data random slicing comprises congruence solutions of the fourth data random slicing of each participant on a plurality of first prime number domains; the fourth target sum is a congruence solution of a plurality of the fourth sums;
the sum of the fourth target data random fragments of all the participants on the second prime number domain is equal to the fourth target sum.
6. The method of claim 1, wherein the random data comprises square random data; the acquiring a plurality of random data of the participant on a plurality of first prime number fields includes:
selecting a corresponding fourth random value from the plurality of first prime number domains as a fifth random shard of data of the participant over the plurality of first prime number domains;
Determining a sixth data random slice on the plurality of first prime number domains based on the fifth data random slice on the plurality of first prime number domains and a square protocol; the square of the sum of the fifth data random fragmentation of all the participants in any one first prime number domain in the first prime number domain is equal to the sum of the sixth data random fragmentation of all the participants in the first prime number domain; the random data slicing of the square random data of the participant in any first prime number domain comprises: the fifth data of each participant on the first prime number field is randomly sliced and the sixth data of each participant on the first prime number field is randomly sliced.
7. The method of claim 6, wherein the target random data comprises target square random data; the determining target random data includes:
determining a fifth target data random fragment and a sixth target data random fragment as the target square random data; wherein,
the fifth target data random slicing comprises congruence solutions of the fifth data random slicing of each participant on a plurality of first prime number domains; the sixth target data random slicing comprises congruence solutions of the sixth data random slicing of each participant on a plurality of first prime number domains;
The square of the sum of the random fragmentation of the fifth target data of all the participants over the second prime number field is equal to the sum of the random fragmentation of the sixth target data of all the participants over the second prime number field.
8. The method of claim 1, wherein the random data comprises modulo inverse random data; the acquiring a plurality of random data of the participant on a plurality of first prime number fields includes:
selecting a corresponding fifth random value and sixth random value from the plurality of first prime number domains;
randomly slicing a plurality of the fifth random values as a plurality of seventh data of the participants;
determining an eighth random data slice of the participant over a plurality of first prime number domains based on a plurality of the seventh random data slices, a plurality of the sixth random values, and a modulo inverse protocol; the modulo inverse of the sum of all the participants on the seventh data random slice of any one first prime number domain is equal to the sum of all the participants on the eighth data random slice of the first prime number domain; the random data slicing of the modulo inverse random data of the participant in any one of the first prime number domains comprises: the seventh data of each participant on the first prime number field is randomly sliced and the eighth data of each participant on the first prime number field is randomly sliced.
9. The method of claim 8, wherein the target random data comprises target simulated random data; the determining target random data includes:
determining a seventh target data random fragment and an eighth target data random fragment as the target simulation random data; wherein,
the seventh target data random slicing comprises congruence solutions of the seventh data random slicing of each participant on a plurality of first prime number domains; the eighth target data random slicing comprises congruence solutions of the eighth data random slicing of each participant on a plurality of first prime number domains;
the modulo inverse of the sum of the seventh target data random slices of all the participants over the second prime number domain is equal to the sum of the eighth target data random slices of all the participants over the second prime number domain.
10. The method of claim 1, wherein the random data comprises bit random data; the acquiring a plurality of random data of the participant on a plurality of first prime number fields includes:
selecting a seventh random value in the first prime number domain;
performing a bit protocol on the seventh random value to obtain a first ninth data random fragment of the participant in the first prime number;
Determining, based on the first ninth data random fragmentation and fragmentation conversion technique for each participant, other ninth data random fragmentation for each participant over other first prime number fields than the first prime number field; the sum of the ninth data random fragments of all the participators in any one first prime number domain in the first prime number domain is equal to one bit; each of the other ninth data is randomly sliced in a corresponding other first prime number field; the data random fragments of the bit random data include the first ninth data random fragment and the other ninth data random fragments.
11. The method of claim 10, wherein the determining, based on the first ninth data random fragmentation and fragmentation conversion technique for each participant, the other ninth data random fragmentation for each participant over the other first prime number fields other than the first prime number field comprises:
adding the first ninth data random fragment of the participant and the random mask of the participant on the first prime number domain to obtain a self conversion fragment; the sum of the random masks of all participants is less than the modulus of the first prime number field;
Determining other ninth data random slices of the participants based on the random data slices of 0 of the participants, the total conversion slices, the random mask of each participant, and a modulus of other first prime number domains of the participants; the total conversion tile is the sum of the conversion tiles of all participants.
12. The method of claim 11, wherein the determining the other ninth data random slices for the participant based on the random data slices for 0 for the participant, the total transition slices, the random mask for each participant, and a modulus for the other first prime number fields for the participant comprises:
on each other first prime number domain, obtaining other ninth data random fragments of the first party by using the sum of the total conversion fragments of the other first prime number domains and the random mask of the party and the data random fragments of 0 on the other first prime number domains in the case that the party is the first party;
and under the condition that the participant is other participants except the first participant, solving the data random fragmentation of 0 of the participant and the random mask module subtraction on each other first prime number domain to obtain the other ninth data random fragmentation.
13. The method of claim 10, wherein the target random data comprises target bit random data; the determining target random data includes:
determining a ninth target data random fragment as the target bit random data; wherein,
the ninth target data random slicing comprises congruence solutions of the ninth data random slicing of each participant on a plurality of first prime number domains;
the sum of the ninth target data random slices of all participants over the second prime number field is equal to one bit.
14. The method of any one of claims 1-13, wherein the shards are authenticatable shards; the slicing further includes: authentication data fragmentation and authentication key fragmentation; the authentication data fragments correspond to the data random fragments one by one; the sum of the random fragmentation of the data of all the participants on any one first prime number domain on the first prime number domain is multiplied by the sum of the authentication key fragmentation of all the participants on the first prime number domain, and the modular multiplication is equal to the domain sum of all the participants on a plurality of the authentication data fragmentation of a plurality of first prime number domains; the method further comprises the steps of:
Based on the Chinese remainder theorem, determining congruence solutions of the authentication data fragments of the participant on a plurality of first prime number domains as target authentication data fragments of the participant on a second prime number domain; and determining, based on the chinese remainder theorem, a congruence solution of the authentication key shard of the party on a plurality of first prime number domains as the target authentication key shard of the party on a second prime number domain; the target tile further comprises: target authentication data shards and target authentication key shards.
15. A random data generation apparatus for use in multiparty security computing, the random data generation apparatus comprising:
the acquisition module is used for acquiring a plurality of random data of the participant on a plurality of first prime number domains; each piece of random data is in a corresponding first prime number domain; the random data on each first prime number domain includes a slice of each participant on the first prime number domain; the slicing includes: randomly slicing data;
the determining module is used for determining congruence solutions of the random data fragments of the participants on a plurality of first prime number domains based on the Chinese remainder theorem and taking the congruence solutions as target random data fragments of the participants on a second prime number domain; the product of the modes of the plurality of first prime number domains is equal to the mode of the second prime number domain; determining target random data, wherein the target random data comprises target fragments of all participants; the target shard includes the target data random shard.
16. An electronic device, comprising:
a memory for storing a computer program executable on the processor;
a processor for implementing the steps of the method of any one of claims 1 to 14 when said computer program is executed.
17. A storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method of any of claims 1 to 14.
CN202410025777.7A 2024-01-08 2024-01-08 Random data generation method and device, electronic equipment and storage medium Active CN117519646B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410025777.7A CN117519646B (en) 2024-01-08 2024-01-08 Random data generation method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410025777.7A CN117519646B (en) 2024-01-08 2024-01-08 Random data generation method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN117519646A CN117519646A (en) 2024-02-06
CN117519646B true CN117519646B (en) 2024-03-26

Family

ID=89749890

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410025777.7A Active CN117519646B (en) 2024-01-08 2024-01-08 Random data generation method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117519646B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101969354A (en) * 2009-07-28 2011-02-09 武汉大学 Channel coding and decoding method based on Chinese conversion codes
CN107209660A (en) * 2015-01-14 2017-09-26 日本电信电话株式会社 Generating random number device, random digit generation method and program
CN107947923A (en) * 2017-11-29 2018-04-20 重庆邮电大学 A kind of attribute key distribution method of no trusted party
US11296861B1 (en) * 2021-04-21 2022-04-05 Clustar Technology Co., Ltd. Paillier decryption system, IC and method
CN116132050A (en) * 2023-01-19 2023-05-16 苏州国芯科技股份有限公司 Message processing method, system, equipment and computer readable storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8817974B2 (en) * 2011-05-11 2014-08-26 Nxp B.V. Finite field cryptographic arithmetic resistant to fault attacks
US8861718B2 (en) * 2012-02-10 2014-10-14 Electronics And Telecommunications Research Institute Method of preventing fault-injection attacks on Chinese Remainder Theorem-Rivest Shamir Adleman cryptographic operations and recording medium for storing program implementing the same
US8873691B2 (en) * 2012-09-10 2014-10-28 Broadcom Corporation Generating codes for sync words to avoid cyclic collision

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101969354A (en) * 2009-07-28 2011-02-09 武汉大学 Channel coding and decoding method based on Chinese conversion codes
CN107209660A (en) * 2015-01-14 2017-09-26 日本电信电话株式会社 Generating random number device, random digit generation method and program
CN107947923A (en) * 2017-11-29 2018-04-20 重庆邮电大学 A kind of attribute key distribution method of no trusted party
US11296861B1 (en) * 2021-04-21 2022-04-05 Clustar Technology Co., Ltd. Paillier decryption system, IC and method
CN116132050A (en) * 2023-01-19 2023-05-16 苏州国芯科技股份有限公司 Message processing method, system, equipment and computer readable storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"基于SM2 门限密钥分散的电子签名系统研究与实现";范琳琳;《中国优秀博硕士学位论文全文数据库(硕士)信息科技辑》;20180528;正文第1-105页 *

Also Published As

Publication number Publication date
CN117519646A (en) 2024-02-06

Similar Documents

Publication Publication Date Title
Jiang et al. Secure outsourced matrix computation and application to neural networks
Norouzi et al. A simple, sensitive and secure image encryption algorithm based on hyper-chaotic system with only one round diffusion process
Fiore et al. Publicly verifiable delegation of large polynomials and matrix computations, with applications
Ye et al. An efficient chaotic image encryption algorithm based on a generalized Arnold map
CN108604987B (en) Converting Boolean mask values to arithmetic mask values for cryptographic operations
RU2534944C2 (en) Method for secure communication in network, communication device, network and computer programme therefor
CN108718231B (en) Fully homomorphic encryption method, fully homomorphic encryption device and computer readable storage medium
WO2020006692A1 (en) Fully homomorphic encryption method and device and computer readable storage medium
EP2965462A1 (en) Privacy-preserving ridge regression using partially homomorphic encryption and masks
Jayapandian et al. Secure and efficient online data storage and sharing over cloud environment using probabilistic with homomorphic encryption
Ghazanfaripour et al. Designing a digital image encryption scheme using chaotic maps with prime modular
US20170063536A1 (en) Generating Cryptographic Function Parameters Based on an Observed Astronomical Event
US11902432B2 (en) System and method to optimize generation of coprime numbers in cryptographic applications
CN112241537A (en) Longitudinal federated learning modeling method, system, medium and equipment
US11101981B2 (en) Generating a pseudorandom number based on a portion of shares used in a cryptographic operation
Kumar et al. Privacy preserving, verifiable and efficient outsourcing algorithm for matrix multiplication to a malicious cloud server
Chakraborty et al. Efficient and accurate homomorphic comparisons
Yadav et al. Private computation of the Schulze voting method over the cloud
Wang et al. TrDup: enhancing secure data deduplication with user traceability in cloud computing
CN117519646B (en) Random data generation method and device, electronic equipment and storage medium
CN115865311B (en) Optimization method and system for constant round secure multiparty computing protocol
Jiang et al. Publicly verifiable private set intersection from homomorphic encryption
Feng et al. Efficient and verifiable outsourcing scheme of sequence comparisons
Liu et al. Improved slender-set linear cryptanalysis
Luo et al. AQ2PNN: Enabling Two-party Privacy-Preserving Deep Neural Network Inference with Adaptive Quantization

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant