CN117520970A - Sign bit determining method, device and system based on multiparty secure computation - Google Patents

Sign bit determining method, device and system based on multiparty secure computation

Info

Publication number: CN117520970A
Authority: CN (China)
Prior art keywords: random number, array, fragment, secret, target array
Legal status: Granted
Application number: CN202410019396.8A
Other languages: Chinese (zh)
Other versions: CN117520970B (en)
Inventors: 蔡静轩, 包嘉斌, 黄翠婷, 周一竞, 陈涛, 蒋韬, 祝伟, 肖俊
Current Assignee: Tongdun Technology Co ltd; Zhejiang University ZJU
Original Assignee: Tongdun Technology Co ltd; Zhejiang University ZJU
Application filed by Tongdun Technology Co ltd, Zhejiang University ZJU
Priority to CN202410019396.8A
Publication of CN117520970A
Application granted
Publication of CN117520970B
Legal status: Active

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F18/00 Pattern recognition > G06F18/20 Analysing > G06F18/24 Classification techniques > G06F18/243 Classification techniques relating to the number of classes > G06F18/2431 Multiple classes
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F17/00 Digital computing or data processing equipment or methods, specially adapted for specific functions > G06F17/10 Complex mathematical operations > G06F17/18 Complex mathematical operations for evaluating statistical data, e.g. average values, frequency distributions, probability functions, regression analysis
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F7/00 Methods or arrangements for processing data by operating upon the order or content of the data handled > G06F7/58 Random or pseudo-random number generators > G06F7/582 Pseudo-random number generators
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F7/00 Methods or arrangements for processing data by operating upon the order or content of the data handled > G06F7/58 Random or pseudo-random number generators > G06F7/588 Random number generators, i.e. based on natural stochastic processes

Abstract

The application provides a sign bit determining method, device and system based on multiparty secure computation, in the technical field of computers. A first secret fragment of secret data, together with a first random number fragment and a second random number fragment corresponding to a first pseudo-random number, is acquired, and the second random number fragment is sent to the opposite-end participant; probability truncation is performed on each bit of the first secret fragment to obtain a first intermediate array; a third random number fragment sent by the opposite-end participant is received, and a first target array is generated from the first random number fragment, the third random number fragment and the first intermediate array; a second target array sent by the opposite-end participant is received, and the sign bit of the secret data is determined from the first target array and the second target array. The opposite-end participant generates the second target array from the second random number fragment, the fourth random number fragment and a second intermediate array corresponding to the secret data. Communication resources are thereby saved and communication efficiency is improved.

Description

Sign bit determining method, device and system based on multiparty secure computation
Technical Field
The present application relates to the field of computer technologies, and in particular to a sign bit determining method, a sign bit determining device and a sign bit determining system based on multiparty secure computation, a computer readable storage medium, and an electronic device.
Background
Secure multiparty computation means that, without any trusted third party, several participants jointly compute an agreed function such that each party learns only its own output and cannot deduce any other party's input or output from the data exchanged during the computation.
In business scenarios such as financial risk control and joint marketing, secure multiparty computation is increasingly widely applied. On top of it, operations such as private set intersection and private information retrieval can be executed among the participants, so a variety of technical goals can be reached. One of these goals is determining the sign (positive or negative) of secret or private data. In some scenarios (for example, building a privacy-preserving machine learning model) a participant needs to learn the sign of the secret data but not its full content, and determining that sign is a precondition for the participant's further computations (for example, evaluating a nonlinear network layer).
In the related art, to determine the sign of secret data, a participant traverses the bits of the private data it holds and performs a computation for each bit; after the traversal, the sign of the private data can be computed. The computation for each bit depends not only on the result for the previous bit but also on communication with the other parties holding the remaining part of the private data. Determining the sign of private data in the related art therefore consumes a considerable amount of communication resources.
It should be noted that the information disclosed in the foregoing background section is only for enhancing understanding of the background of the present application and may therefore include information that does not form prior art known to those of ordinary skill in the art.
Disclosure of Invention
The present application aims to provide a sign bit determining method, device and system based on multiparty secure computation, a computer readable storage medium and an electronic device, which introduce random number fragments of pseudo-random numbers to assist in determining the sign bit of secret data, thereby saving communication resources and avoiding the large communication overhead of the related art, where every bit computation requires communication with the other parties. Specifically, the local-end participant generates a first random number fragment and a second random number fragment of a first pseudo-random number, and the opposite-end participant generates a third random number fragment and a fourth random number fragment of a second pseudo-random number. The second and third random number fragments are then exchanged, so that each party holds one fragment of the other party's pseudo-random number. On that basis, when the bits of the first secret fragment are processed, the local-end participant's first random number fragment and the opposite-end participant's third random number fragment can be referred to, yielding a first target array usable for determining the sign bit. In the same way the opposite-end participant determines a second target array; after the two parties exchange the first and second target arrays, each holds both, and from them the sign bit of the secret data can be determined without any communication during the processing of individual bits.
In the implementation of the embodiments of this application only two communications are needed: one to receive the third random number fragment from the opposite-end participant and send it the second random number fragment, and one to receive the second target array from the opposite-end participant and send it the first target array. Compared with the related art, the method and device therefore save communication resources and improve communication efficiency, which raises the efficiency of determining the sign bit of secret data.
Other features and advantages of the present application will be apparent from the following detailed description, or may be learned in part by the practice of the application.
According to an aspect of the present application, a sign bit determining method based on multiparty secure computation is provided, the method comprising:
acquiring a first secret fragment of secret data, and a first random number fragment and a second random number fragment corresponding to a first pseudo-random number, and sending the second random number fragment to the opposite-end participant;
performing probability truncation on each bit of the first secret fragment to obtain a first intermediate array;
receiving a third random number fragment sent by the opposite-end participant, and generating a first target array from the first random number fragment, the third random number fragment and the first intermediate array, where the opposite-end participant acquires the third random number fragment and a fourth random number fragment corresponding to a second pseudo-random number;
receiving a second target array sent by the opposite-end participant, and determining the sign bit of the secret data from the first target array and the second target array, where the opposite-end participant generates the second target array from the second random number fragment, the fourth random number fragment and a second intermediate array corresponding to the secret data.
In an exemplary embodiment of the present application, obtaining the first random number fragment and the second random number fragment of the first pseudo-random number includes:
generating the first pseudo-random number with a random number generator;
generating the first random number fragment and the second random number fragment corresponding to the first pseudo-random number with an additive secret sharing protocol.
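The additive secret sharing of the pseudo-random numbers named just above, and the first of the two communications described in the summary (each party sends the other one fragment of its own pseudo-random number), as an added Python illustration that is not the patent's code. It assumes a 32-bit ring with two's-complement encoding, and shows that the sign bit the protocol must determine is the MSB of the reconstructed secret while the MSB of a single fragment says nothing about it; the probability truncation, bit alignment and target array steps are not specified on this page and are not implemented here.

```python
import random
import secrets

K = 32            # ring bit width; an assumption made for this illustration
MOD = 1 << K


def to_ring(v: int) -> int:
    """Encode a signed integer in two's complement as an element of Z_{2^K}."""
    return v % MOD


def from_ring(u: int) -> int:
    """Decode a ring element back to a signed integer."""
    return u - MOD if u >= MOD // 2 else u


def sign_bit(u: int) -> int:
    """The bit the protocol is after: the MSB of the ring element (1 = negative)."""
    return (u >> (K - 1)) & 1


def share(u: int, randbelow=secrets.randbelow) -> tuple[int, int]:
    """Additive 2-out-of-2 secret sharing: u = s1 + s2 (mod 2^K).
    s1 is uniform, so either fragment alone is independent of u."""
    s1 = randbelow(MOD)
    return s1, (u - s1) % MOD


def reconstruct(s1: int, s2: int) -> int:
    return (s1 + s2) % MOD


class Party:
    """One participant: holds a fragment of the secret and, after round 1,
    one fragment of its own pseudo-random number and one of the peer's."""

    def __init__(self, name: str, secret_fragment: int, randbelow=secrets.randbelow):
        self.name = name
        self.secret_fragment = secret_fragment
        self.prn = randbelow(MOD)                           # own pseudo-random number
        self.kept_frag, self.out_frag = share(self.prn, randbelow)
        self.peer_frag = None                               # filled in by round 1


def exchange_fragments(local: Party, peer: Party) -> None:
    """Round 1 of the two communications in the summary: the local party sends
    its second fragment and receives the peer's third fragment (and vice versa)."""
    local.peer_frag = peer.out_frag
    peer.peer_frag = local.out_frag


def run_setup(x: int, randbelow=secrets.randbelow):
    """Split x into two secret fragments, create both parties and run round 1.
    Returns both parties and the sign bit the protocol must eventually output."""
    x1, x2 = share(to_ring(x), randbelow)
    local = Party("local", x1, randbelow)
    peer = Party("peer", x2, randbelow)
    exchange_fragments(local, peer)
    return local, peer, sign_bit(reconstruct(x1, x2))


def view(party: Party) -> set[int]:
    """Every value a party sees after round 1: its own state plus one peer fragment."""
    return {party.secret_fragment, party.kept_frag, party.out_frag, party.peer_frag}


def share_msb_agreement(trials: int, seed: int = 7) -> float:
    """Fraction of trials in which the MSB of a single secret fragment equals the
    sign of x. A value near 0.5 means one fragment reveals nothing about the
    sign, which is why the sign bit has to be computed jointly at all."""
    rng = random.Random(seed)        # seeded only to make the experiment repeatable
    hits = 0
    for _ in range(trials):
        x = rng.randrange(-(MOD // 2), MOD // 2)
        x1, _ = share(to_ring(x), rng.randrange)
        hits += int(sign_bit(x1) == (1 if x < 0 else 0))
    return hits / trials


if __name__ == "__main__":
    local, peer, target = run_setup(-1234)
    print("sign bit to be determined:", target)
    print("peer's kept fragment visible to local:", peer.kept_frag in view(local))
    print("MSB(single fragment) == sign(x) rate:", share_msb_agreement(2000))
```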
In an exemplary embodiment of the present application, performing probability truncation on each bit of the first secret fragment to obtain the first intermediate array includes:
traversing the first secret fragment in a loop, computing a first intermediate value for each bit of the first secret fragment with a probability truncation algorithm, and collecting the first intermediate values into the first intermediate array.
In one exemplary embodiment of the present application, generating a first target array based on a first random number fragment, a third random number fragment, and a first intermediate array includes:
fusing the first random number fragment and the third random number fragment into first reference data;
and performing bit alignment operation on the first intermediate array and the first reference data to obtain a first target array.
In an exemplary embodiment of the present application, performing the bit alignment operation on the first intermediate array and the first reference data to obtain the first target array includes:
multiplying each element of the first intermediate array by the element of the first reference data at the same bit position, and fusing each product with a preset value, so that the first target array contains the resulting fusion results.
In an exemplary embodiment of the present application, determining the sign bit of the secret data from the first target array and the second target array includes:
fusing the first target array and the second target array into a designated array;
traversing the elements of the designated array: if an element equal to a first preset value exists, the sign bit of the secret data is determined to be positive; otherwise it is determined to be negative.
In an exemplary embodiment of the present application, the opposite-end participant generates the second target array from the second random number fragment, the fourth random number fragment and the second intermediate array corresponding to the secret data as follows: traversing a second secret fragment of the secret data in a loop and computing a second intermediate value for each of its bits with a probability truncation algorithm, to obtain a second intermediate array of second intermediate values; fusing the second random number fragment and the fourth random number fragment into second reference data; and performing a bit alignment operation on the second intermediate array and the second reference data to obtain the second target array.
In an exemplary embodiment of the present application, determining the sign bit of the secret data from the first target array and the second target array includes:
receiving a public key, an array ciphertext and a reference ciphertext sent by the opposite-end participant, which has encrypted the second intermediate array and the second reference data under the public key into the array ciphertext and the reference ciphertext respectively;
computing a first ciphertext product of the array ciphertext and the first intermediate array, and a second ciphertext product of the reference ciphertext and the first reference data, and sending both ciphertext products to the opposite-end participant;
obtaining a first product and a second product, output by the opposite-end participant after decrypting the first ciphertext product and the second ciphertext product with the private key corresponding to the public key;
fusing the first target array, the second target array, the first product and the second product into a specific array;
traversing the elements of the specific array: if an element equal to a second preset value exists, the sign bit of the secret data is determined to be positive; otherwise it is determined to be negative.
According to an aspect of the present application, a sign bit determining apparatus based on multiparty secure computation is provided, the apparatus comprising:
an acquisition unit for acquiring a first secret fragment of secret data, and a first random number fragment and a second random number fragment corresponding to a first pseudo-random number, and sending the second random number fragment to the opposite-end participant;
an array calculation unit for performing probability truncation on each bit of the first secret fragment to obtain a first intermediate array;
an array generation unit for receiving a third random number fragment sent by the opposite-end participant and generating a first target array from the first random number fragment, the third random number fragment and the first intermediate array, where the opposite-end participant acquires the third random number fragment and a fourth random number fragment corresponding to a second pseudo-random number;
a sign bit determining unit for receiving a second target array sent by the opposite-end participant and determining the sign bit of the secret data from the first target array and the second target array, where the opposite-end participant generates the second target array from the second random number fragment, the fourth random number fragment and a second intermediate array corresponding to the secret data.
In an exemplary embodiment of the present application, the acquisition unit obtains the first random number fragment and the second random number fragment of the first pseudo-random number by:
generating the first pseudo-random number with a random number generator;
generating the first random number fragment and the second random number fragment corresponding to the first pseudo-random number with an additive secret sharing protocol.
In an exemplary embodiment of the present application, the array calculation unit performs probability truncation on each bit of the first secret fragment to obtain the first intermediate array by:
traversing the first secret fragment in a loop, computing a first intermediate value for each bit of the first secret fragment with a probability truncation algorithm, and collecting the first intermediate values into the first intermediate array.
In an exemplary embodiment of the present application, the array generation unit generates the first target array from the first random number fragment, the third random number fragment and the first intermediate array by:
fusing the first random number fragment and the third random number fragment into first reference data;
and performing a bit alignment operation on the first intermediate array and the first reference data to obtain the first target array.
In an exemplary embodiment of the present application, the array generation unit performs the bit alignment operation on the first intermediate array and the first reference data to obtain the first target array by:
multiplying each element of the first intermediate array by the element of the first reference data at the same bit position, and fusing each product with a preset value, so that the first target array contains the resulting fusion results.
In an exemplary embodiment of the present application, the sign bit determining unit determines the sign bit of the secret data from the first target array and the second target array by:
fusing the first target array and the second target array into a designated array;
traversing the elements of the designated array: if an element equal to a first preset value exists, the sign bit of the secret data is determined to be positive; otherwise it is determined to be negative.
In an exemplary embodiment of the present application, the opposite-end participant generates the second target array from the second random number fragment, the fourth random number fragment and the second intermediate array corresponding to the secret data as follows: traversing a second secret fragment of the secret data in a loop and computing a second intermediate value for each of its bits with a probability truncation algorithm, to obtain a second intermediate array of second intermediate values; fusing the second random number fragment and the fourth random number fragment into second reference data; and performing a bit alignment operation on the second intermediate array and the second reference data to obtain the second target array.
In an exemplary embodiment of the present application, the sign bit determining unit determines the sign bit of the secret data from the first target array and the second target array by:
receiving a public key, an array ciphertext and a reference ciphertext sent by the opposite-end participant, which has encrypted the second intermediate array and the second reference data under the public key into the array ciphertext and the reference ciphertext respectively;
computing a first ciphertext product of the array ciphertext and the first intermediate array, and a second ciphertext product of the reference ciphertext and the first reference data, and sending both ciphertext products to the opposite-end participant;
obtaining a first product and a second product, output by the opposite-end participant after decrypting the first ciphertext product and the second ciphertext product with the private key corresponding to the public key;
fusing the first target array, the second target array, the first product and the second product into a specific array;
traversing the elements of the specific array: if an element equal to a second preset value exists, the sign bit of the secret data is determined to be positive; otherwise it is determined to be negative.
According to an aspect of the present application, a sign bit determination system based on multiparty secure computation is provided, the system comprising a local-end participant and an opposite-end participant, wherein:
the local-end participant acquires a first secret fragment of secret data, and a first random number fragment and a second random number fragment corresponding to a first pseudo-random number, and sends the second random number fragment to the opposite-end participant;
the local-end participant further performs probability truncation on each bit of the first secret fragment to obtain a first intermediate array;
the opposite-end participant acquires a third random number fragment and a fourth random number fragment corresponding to a second pseudo-random number and sends the third random number fragment to the local-end participant;
the local-end participant further generates a first target array from the first random number fragment, the third random number fragment and the first intermediate array;
the opposite-end participant further generates a second target array from the second random number fragment, the fourth random number fragment and a second intermediate array corresponding to the secret data, and sends the second target array to the local-end participant;
the local-end participant further determines the sign bit of the secret data from the first target array and the second target array.
According to an aspect of the present application, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a method of any of the above.
According to an aspect of the present application, there is provided an electronic apparatus including: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to perform the method of any of the above via execution of executable instructions.
Exemplary embodiments of the present application may have some or all of the following benefits:
In the sign bit determining method based on multiparty secure computation provided in an exemplary embodiment of the present application, random number fragments of pseudo-random numbers are introduced to assist in determining the sign bit of secret data, so that communication resources are saved and the large communication overhead of the related art, where every bit computation requires communication with the other parties, is avoided. Specifically, the local-end participant generates a first random number fragment and a second random number fragment of a first pseudo-random number, and the opposite-end participant generates a third random number fragment and a fourth random number fragment of a second pseudo-random number. The second and third random number fragments are then exchanged, so that each party holds one fragment of the other party's pseudo-random number. On that basis, when the bits of the first secret fragment are processed, the local-end participant's first random number fragment and the opposite-end participant's third random number fragment can be referred to, yielding a first target array usable for determining the sign bit. In the same way the opposite-end participant determines a second target array; after the two parties exchange the first and second target arrays, each holds both, and from them the sign bit of the secret data can be determined without any communication during the processing of individual bits.
In the implementation of the embodiments of this application only two communications are needed: one to receive the third random number fragment from the opposite-end participant and send it the second random number fragment, and one to receive the second target array from the opposite-end participant and send it the first target array. Compared with the related art, the method and device therefore save communication resources and improve communication efficiency, which raises the efficiency of determining the sign bit of secret data.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application. It is apparent that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art.
Fig. 1 schematically illustrates a flow chart of a sign bit determination method based on multiparty security computation according to one embodiment of the present application.
Fig. 2 schematically illustrates a computational process diagram of a sign bit determination method based on multiparty security computation according to an embodiment of the present application.
Fig. 3 schematically illustrates a flow chart of a sign bit determination method based on multiparty security calculations according to another embodiment of the present application.
Fig. 4 schematically illustrates a block diagram of a sign bit determination system based on multiparty secure computation according to one embodiment of the present application.
Fig. 5 schematically shows a block diagram of a sign bit determining apparatus based on multiparty security computation in an embodiment according to the present application.
Fig. 6 schematically shows a schematic of a computer system suitable for use in implementing the electronic device of the embodiments of the present application.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments may be embodied in many forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the present application. One skilled in the relevant art will recognize, however, that the aspects of the application may be practiced without one or more of the specific details, or with other methods, components, devices, steps, etc. In other instances, well-known aspects have not been shown or described in detail to avoid obscuring aspects of the present application.
Furthermore, the drawings are only schematic illustrations of the present application and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in software or in one or more hardware modules or integrated circuits or in different networks and/or processor devices and/or microcontroller devices.
Referring to fig. 1, fig. 1 schematically illustrates a flow chart of a sign bit determining method based on secure multiparty computation according to one embodiment of the present application. The method may be executed by a local party; in practice any party can act as the local party. As shown in fig. 1, the method may comprise steps S110 to S140.
Step S110: obtaining a first secret fragment of the secret data, together with a first random number fragment and a second random number fragment corresponding to a first pseudo-random number, and sending the second random number fragment to the peer party.
Step S120: performing probability truncation processing on each bit of the first secret fragment to obtain a first intermediate array.
Step S130: receiving a third random number fragment sent by the peer party, and generating a first target array based on the first random number fragment, the third random number fragment and the first intermediate array; the peer party obtains a third random number fragment and a fourth random number fragment corresponding to a second pseudo-random number.
Step S140: receiving a second target array sent by the peer party, and determining the sign bit of the secret data based on the first target array and the second target array; the peer party generates the second target array based on the second random number fragment, the fourth random number fragment and a second intermediate array corresponding to the secret data.
By implementing the method shown in fig. 1, random number fragments of pseudo-random numbers are introduced to assist in determining the sign bit of the secret data. This saves communication resources and avoids the high communication cost of the related art, in which every bit computation requires communication with the other parties. Specifically, the local party generates a first and a second random number fragment of the first pseudo-random number, and the peer party generates a third and a fourth random number fragment of the second pseudo-random number. The second and third random number fragments are then exchanged, so that each party holds a fragment of the other party's pseudo-random number. On this basis, when the local party processes the bits of its first secret fragment it can use its own first random number fragment together with the peer party's third random number fragment to obtain a first target array usable for determining the sign bit. In the same way the peer party obtains a second target array. After the two parties exchange the first and second target arrays, each holds both and can determine the sign bit of the secret data from them; no communication is needed while the individual bits are being processed.
Only two rounds of communication are needed: one in which the local party sends the second random number fragment to the peer party and receives the third random number fragment, and one in which it sends the first target array and receives the second target array. Compared with the related art this saves communication resources and improves communication efficiency, and hence the efficiency of determining the sign bit of the secret data.
Next, the above steps of the present exemplary embodiment will be described in more detail.
In step S110, a first secret fragment of the secret data and a first and a second random number fragment corresponding to the first pseudo-random number are obtained, and the second random number fragment is sent to the peer party.
Here, secret data means data that is not revealed in full to the parties; it may have any size and any format, and the embodiment of the present application is not limited in this respect.
In this application the parties are a local party and a peer party, each holding a secret fragment of the secret data: the local party holds the first secret fragment and the peer party holds the second secret fragment. Together the two fragments form the secret data, and each fragment can be regarded as that party's local data.
Specifically, let the secret data be X with effective bit length l, let the local party be P0 and the peer party be P1. P0 then holds the first secret fragment of X and P1 holds the second secret fragment of X. The two fragments may or may not be of the same size; the embodiment of the present application is not limited in this respect.
Alternatively, in other application scenarios there may be a larger number of parties (e.g. 3).
Note that there is no ranking between the local party and the peer party; the names only distinguish two independent parties. In practice, a party A may act as the local party when communicating with another party acting as the peer party, and may equally act as the peer party of another local party. The embodiment of the present application is not limited in this respect.
Besides obtaining the first secret fragment of the secret data, the local party obtains a first and a second random number fragment corresponding to the first pseudo-random number. The first pseudo-random number may be generated by the local party itself or distributed by a trusted third party. The peer party that communicates with the local party likewise obtains its own pseudo-random number, the second pseudo-random number.
To exchange pseudo-random number fragments for the purpose of determining the sign bit of the secret data, the local party generates a first and a second random number fragment of the first pseudo-random number, and the peer party generates a third and a fourth random number fragment of the second pseudo-random number. There is no ordering between the first and second random number fragments, nor between the third and fourth; sending the second random number fragment to the peer party simply means sending either one of the two fragments. Specifically, the local party exchanges its second random number fragment for the peer party's third random number fragment, so that after the exchange the local party holds the first and third random number fragments and the peer party holds the second and fourth random number fragments.
For example, let the local party be P0 with first pseudo-random number r0, whose two fragments are the first and second random number fragments, and let the peer party be P1 with second pseudo-random number r1, whose two fragments are the third and fourth random number fragments, where r0 + r1 = r. If the two fragments generated from r0 have the values 1 and 2, either value may serve as the first random number fragment and the other as the second; the same holds for r1. The first and second random number fragments are therefore interchangeable, as are the third and fourth. Taking P0 as an example, sending the second random number fragment to P1 is equivalent to sending the first random number fragment; the essential point is that one of the two fragments is sent to P1.
Optionally, in some cases the fragment to send may be chosen according to its transmission cost. Taking P0 as an example, if the transmission cost of the first random number fragment is lower than that of the second random number fragment, the first random number fragment may be sent to P1. The transmission cost may depend on factors such as the data volume; the embodiment of the present application is not limited in this respect.
As an alternative embodiment of step S110, obtaining the first random number fragment and the second random number fragment of the first pseudo-random number comprises:
Step S1101: generating the first pseudo-random number with a random number generator;
Step S1102: generating the first random number fragment and the second random number fragment corresponding to the first pseudo-random number based on an additive secret sharing protocol.
With this alternative embodiment the first and second random number fragments are derived from the first pseudo-random number so that fragments can be exchanged with a peer party performing the same operation, which reduces the number of communications between the parties and improves communication efficiency.
Specifically, a random number generator is a method or device that produces a sequence of numbers with no apparent correlation, using an algorithm, a physical signal, ambient noise, and so on. The algorithm may be any random number generation algorithm chosen by the party; the embodiment of the present application is not limited. In the present application an additive secret sharing protocol is used to split a pseudo-random number into several random number fragments, such that the fragments sum to the pseudo-random number.
In step S120, probability truncation processing is performed on each bit of the first secret fragment to obtain a first intermediate array.
Specifically, the probability truncation processing may rely on a probability truncation algorithm or a similar algorithm; the embodiment of the present application is not limited. The local party applies the algorithm to each bit of its first secret fragment, and the peer party applies it to each bit of its second secret fragment, where i denotes the i-th bit being processed.
The results for all bits of the first secret fragment form the first intermediate array. In the same way, the peer party performs probability truncation processing on each bit of its second secret fragment to obtain a second intermediate array.
As an alternative embodiment of step S120, performing probability truncation processing on each bit of the first secret fragment to obtain the first intermediate array comprises:
Step S1201: traversing the first secret fragment in a loop, computing a first intermediate value for each bit of the first secret fragment with the probability truncation algorithm, and collecting the first intermediate values into the first intermediate array.
With this alternative embodiment the first secret fragment is processed bit by bit with the probability truncation algorithm to obtain a first intermediate array usable in the sign bit determination. Because the result for one bit does not depend on the result for the previous bit, the bits can be processed independently, which improves the efficiency of the sign bit determination. The probability truncation algorithm also helps protect each party's data, avoiding the leakage risk that multi-round communication brings in the related art.
Specifically, the first intermediate value of a bit is the output of the probability truncation algorithm for that bit of the first secret fragment: bit 0 yields the first intermediate value for bit 0, bit 1 yields the first intermediate value for bit 1, and so on. The first intermediate array is the array of these first intermediate values.
In step S130, a third random number fragment sent by the peer party is received, and a first target array is generated based on the first random number fragment, the third random number fragment and the first intermediate array; the peer party obtains the third random number fragment and the fourth random number fragment corresponding to the second pseudo-random number.
Specifically, the first target array, which contains several elements, is used in the subsequent plaintext recovery. Similarly, the peer party generates a second target array from the second random number fragment, the fourth random number fragment and the second intermediate array, and this array is also used in the plaintext recovery. With both the first and the second target array, the plaintext from which the sign bit is determined can be recovered.
As an alternative embodiment of step S130, generating the first target array based on the first random number fragment, the third random number fragment and the first intermediate array comprises:
Step S1301: fusing the first random number fragment and the third random number fragment into first reference data;
Step S1302: performing a bit alignment operation on the first intermediate array and the first reference data to obtain the first target array.
With this alternative embodiment, the local party's first random number fragment and the peer party's third random number fragment are fused into first reference data, and a bit alignment operation on the first intermediate array and the first reference data yields the first target array used in the next plaintext recovery step.
Optionally, the first random number fragment and the third random number fragment are fused by addition: the first reference data is the sum of the first random number fragment and the third random number fragment. Similarly, the peer party fuses the second random number fragment and the fourth random number fragment into second reference data, the sum of the second and fourth random number fragments. The first to fourth random number fragments may be realised as numbers, arrays, or any other form.
The bit alignment operation on the first intermediate array and the first reference data may be performed as follows: for each bit i, the element of the first intermediate array belonging to bit i and the corresponding element of the first reference data are substituted into the bit alignment function, giving the bit-i element of the first target array; the elements for all bits form the first target array. In the same way the peer party substitutes, for each bit i, the element of the second intermediate array and the corresponding element of the second reference data into the bit alignment function, obtaining the bit-i element of the second target array, and the elements for all bits form the second target array.
As an alternative embodiment of step S1302, performing the bit alignment operation on the first intermediate array and the first reference data to obtain the first target array comprises:
Step S13021: multiplying each element of the first intermediate array by the element of the first reference data corresponding to the same bit, and fusing each product with a preset value to obtain a first target array containing the fused results.
With this alternative embodiment the bit alignment operation realises the secure computation and reduces the risk of data leakage.
Specifically, for each bit i, the element of the first intermediate array is multiplied by the element of the first reference data for the same bit, and the product is fused with a preset value (e.g. 1) to give the bit-i element of the first target array; the elements for all bits form the first target array.
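The fragment generation, exchange and fusion of steps S1101, S1102 and S1301 can be made concrete as follows. This is an added example and not code from the patent: it assumes that fragments live in an l-bit ring Z_{2^l} with l = 64 (the patent does not fix l), draws shares from the operating system CSPRNG through Python's secrets module, and leaves out the probability truncation of step S120 and the bit alignment of step S1302, whose formulas the page does not reproduce. The names Party, additive_share, reference_data, exchange_and_fuse and check_identity are the example's own.

```python
import secrets

# Added example, not the patent's own code. Assumptions: fragments live in the
# ring Z_{2^l} with l = 64, and are drawn from the OS CSPRNG (secrets module).
L_BITS = 64
MOD = 1 << L_BITS


def generate_pseudo_random():
    """Step S1101: a party's own pseudo-random number (r0 or r1)."""
    return secrets.randbelow(MOD)


def additive_share(value):
    """Step S1102: split value into two additive fragments over Z_{2^l}.
    The first fragment is uniform, so neither fragment alone says anything
    about value; only their sum does."""
    first = secrets.randbelow(MOD)
    second = (value - first) % MOD
    return first, second


def reconstruct(first, second):
    """Inverse of additive_share."""
    return (first + second) % MOD


class Party:
    """One participant: holds its pseudo-random number and its two fragments,
    keeps one fragment and sends the other (either may be sent, as the text
    above explains)."""

    def __init__(self, name, send_first=False):
        self.name = name
        self.prn = generate_pseudo_random()
        first, second = additive_share(self.prn)
        self.keep, self.send = (second, first) if send_first else (first, second)
        self.received = None

    def receive(self, fragment):
        self.received = fragment

    def reference_data(self):
        """Step S1301: fuse own kept fragment with the peer's fragment by addition."""
        if self.received is None:
            raise RuntimeError(f"{self.name}: peer fragment not received yet")
        return (self.keep + self.received) % MOD


def exchange_and_fuse(p0_sends_first=False, p1_sends_first=False):
    """Round 1 of the protocol: one fragment crosses the wire in each direction."""
    p0 = Party("P0", send_first=p0_sends_first)
    p1 = Party("P1", send_first=p1_sends_first)
    wire_p0_to_p1 = p0.send  # the only value P1 ever sees of r0
    wire_p1_to_p0 = p1.send  # the only value P0 ever sees of r1
    p1.receive(wire_p0_to_p1)
    p0.receive(wire_p1_to_p0)
    return p0, p1


def check_identity(p0, p1):
    """The relation the scheme relies on: the two reference data sum to r = r0 + r1."""
    r = (p0.prn + p1.prn) % MOD
    return (p0.reference_data() + p1.reference_data()) % MOD == r


if __name__ == "__main__":
    for flags in ((False, False), (True, False), (False, True), (True, True)):
        p0, p1 = exchange_and_fuse(*flags)
        print("send_first flags", flags, "identity holds:", check_identity(p0, p1))
```

check_identity verifies the relation the text relies on, that the first and second reference data sum to r = r0 + r1, and the send_first flags show that it holds whichever fragment each party chooses to send. One caveat for an implementer: an additive fragment hides its value only if the fragment is uniformly random over the ring, so a general-purpose PRNG such as Python's random module is not a substitute for a CSPRNG here, however the page's "any random number generation algorithm" is read.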
In step S140, a second target array sent by the peer party is received, and the sign bit of the secret data is determined based on the first target array and the second target array; the peer party generates the second target array based on the second random number fragment, the fourth random number fragment and the second intermediate array corresponding to the secret data.
Specifically, the sign bit indicates whether the secret data is positive or negative.
As an alternative embodiment of step S140, determining the sign bit of the secret data based on the first target array and the second target array comprises:
Step S1401a: fusing the first target array and the second target array into a designated array;
Step S1402a: traversing the elements of the designated array; if an element equal to a first preset value (e.g. 0) exists, the sign bit of the secret data is determined to be positive, otherwise it is determined to be negative.
With this alternative embodiment a designated array in plaintext is obtained from the first and second target arrays, and the sign bit is decided directly from it, with reduced communication.
Optionally, the first target array and the second target array are fused by summing them, giving the designated array sign. In the same way, the peer party receives the first target array from the local party and fuses the two target arrays into a designated array identical to that of the local party.
Based on the foregoing embodiments, fig. 2 schematically illustrates the calculation process of the sign bit determining method based on secure multiparty computation according to one embodiment of the present application. As shown in fig. 2, the calculation process may be as follows:
The local party computes the first intermediate array 212 from its first secret fragment 211 of the secret data and the first reference data 213 from the random number fragments, then performs the bit alignment operation on the first intermediate array 212 and the first reference data 213 to obtain the first target array 214. Similarly, the peer party computes the second intermediate array 222 from its second secret fragment 221 and the second reference data 223 from the random number fragments, and performs the bit alignment operation on them to obtain the second target array 224. The two parties then exchange the first target array 214 and the second target array 224, and each recovers the plaintext designated array 230 from them. By traversing the elements of the designated array 230, each party determines whether the sign bit 240 of the secret data is positive or negative; for example, sign bit = 1 for positive and sign bit = 0 for negative.
As an alternative embodiment, the peer party generates the second target array based on the second random number fragment, the fourth random number fragment and the second intermediate array corresponding to the secret data as follows: it traverses the second secret fragment of the secret data in a loop, computing a second intermediate value for each bit with the probability truncation algorithm to obtain a second intermediate array of second intermediate values; fuses the second random number fragment and the fourth random number fragment into second reference data; and performs the bit alignment operation on the second intermediate array and the second reference data to obtain the second target array.
With this alternative embodiment the peer party performs steps mirroring those of the local party, as required for the secure multiparty computation.
Specifically, the peer party obtains the second target array in exactly the same way as the local party obtains the first target array.
As an alternative embodiment of step S140, determining the sign bit of the secret data based on the first target array and the second target array comprises:
Step S1401b: receiving a public key, an array ciphertext and a reference ciphertext sent by the peer party; the peer party encrypts the second intermediate array and the second reference data with the public key into the array ciphertext and the reference ciphertext respectively;
Step S1402b: computing a first ciphertext product of the array ciphertext and the first intermediate array and a second ciphertext product of the reference ciphertext and the first reference data, and sending the first and second ciphertext products to the peer party;
Step S1403b: obtaining the first product and the second product that the peer party outputs after decrypting the first ciphertext product and the second ciphertext product respectively with the private key corresponding to the public key;
Step S1404b: fusing the first target array, the second target array, the first product and the second product into a specific array;
Step S1405b: traversing the elements of the specific array; if an element equal to a second preset value (e.g. 1) exists, the sign bit of the secret data is determined to be positive, otherwise it is determined to be negative.
With this alternative embodiment, when the local party has limited computing power, the peer party can take on more of the computation through homomorphic encryption, which widens the applicability of the scheme.
Specifically, the peer party generates a public key pk and a private key sk. It encrypts the second intermediate array with pk into the array ciphertext and the second reference data with pk into the reference ciphertext, and sends pk, the array ciphertext and the reference ciphertext to the local party. The local party computes the first ciphertext product of the array ciphertext and its first intermediate array and the second ciphertext product of the reference ciphertext and its first reference data, and sends both ciphertext products to the peer party. The peer party decrypts the first ciphertext product with sk into the first product and the second ciphertext product with sk into the second product, and sends both products back to the local party. The local party then fuses the first target array, the second target array, the first product and the second product into a specific array; the peer party fuses the same four inputs and obtains the same specific array. Each party traverses the elements of the specific array: if an element equal to 1 exists, the sign bit of the secret data is positive, otherwise it is negative.
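The ciphertext products of steps S1401b to S1403b require an encryption scheme under which a ciphertext can be multiplied by a plaintext value held by the other party. The page does not name the scheme; the following added example (not the patent's code) uses textbook Paillier, which is additively homomorphic and supports exactly that multiplication by a known scalar, and assumes that the product of the array ciphertext and the first intermediate array is taken element by element. The key generation, the intermediate arrays and the reference data are all constructed here, and the key size is far too small for real use, chosen only to keep the example fast.

```python
import secrets
from math import gcd

# Added example, not the patent's own code. Paillier is assumed as the
# additively homomorphic scheme; the page does not name one.


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with random bases (probabilistic, enough for an example)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def paillier_keygen(bits=256):
    """Returns (pk, sk) with pk = (n, g), sk = (n, lam, mu) and g = n + 1."""
    p = random_prime(bits // 2)
    q = random_prime(bits // 2)
    while q == p or gcd(p * q, (p - 1) * (q - 1)) != 1:
        q = random_prime(bits // 2)
    n = p * q
    n2 = n * n
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    g = n + 1
    mu = pow((pow(g, lam, n2) - 1) // n, -1, n)
    return (n, g), (n, lam, mu)


def encrypt(pk, m):
    n, g = pk
    n2 = n * n
    while True:
        r = 1 + secrets.randbelow(n - 1)
        if gcd(r, n) == 1:
            break
    return pow(g, m % n, n2) * pow(r, n, n2) % n2


def decrypt(sk, c):
    n, lam, mu = sk
    n2 = n * n
    return (pow(c, lam, n2) - 1) // n * mu % n


def scalar_mul(pk, c, k):
    """Enc(m)^k = Enc(k * m): multiply a ciphertext by a known plaintext k."""
    n, _ = pk
    return pow(c, k % n, n * n)


def peer_encrypt(pk, second_intermediate, second_reference):
    """Step S1401b, peer party side: encrypt its own array and reference data."""
    return [encrypt(pk, v) for v in second_intermediate], encrypt(pk, second_reference)


def local_products(pk, array_ct, ref_ct, first_intermediate, first_reference):
    """Step S1402b, local party: form the ciphertext products without ever
    seeing the peer party's plaintexts (element-wise for the array; assumed)."""
    if len(array_ct) != len(first_intermediate):
        raise ValueError("array ciphertext and first intermediate array differ in length")
    first_ct = [scalar_mul(pk, c, a) for c, a in zip(array_ct, first_intermediate)]
    second_ct = scalar_mul(pk, ref_ct, first_reference)
    return first_ct, second_ct


def peer_decrypt(sk, first_ct, second_ct):
    """Step S1403b, peer party: decrypt to the first and second products."""
    return [decrypt(sk, c) for c in first_ct], decrypt(sk, second_ct)


def run_products(first_intermediate, first_reference,
                 second_intermediate, second_reference, bits=256):
    """Whole exchange in one process; returns (first product, second product)."""
    pk, sk = paillier_keygen(bits)
    array_ct, ref_ct = peer_encrypt(pk, second_intermediate, second_reference)
    first_ct, second_ct = local_products(pk, array_ct, ref_ct,
                                         first_intermediate, first_reference)
    return peer_decrypt(sk, first_ct, second_ct)
```

Note what each side sees: the local party handles only ciphertexts and never learns the second intermediate array or the second reference data, while the peer party, which holds sk, obtains the products in plaintext. Paillier supports addition of two ciphertexts and multiplication of a ciphertext by a known scalar but not multiplication of two ciphertexts, which is why the product is formed by the party that holds the plaintext factor. Values are reduced modulo n, so the modulus must exceed the largest product that is meant to survive decryption unchanged.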
Referring to fig. 3, fig. 3 schematically illustrates a flow chart of a sign bit determining method based on secure multiparty computation according to another embodiment of the present application. As shown in fig. 3, the method comprises steps S310a to S340a, performed by a first party (the local party of the fig. 1 embodiment), and steps S310b to S340b, performed by a second party (the peer party of the fig. 1 embodiment).
Step S310a: the first party obtains a first secret fragment of the secret data and a first and a second random number fragment corresponding to the first pseudo-random number, and sends the second random number fragment to the second party.
Step S320a: the first party traverses the first secret fragment in a loop, computing a first intermediate value for each bit with the probability truncation algorithm to obtain a first intermediate array of first intermediate values.
Step S330a: the first party fuses the first random number fragment and the third random number fragment into first reference data, multiplies each element of the first intermediate array by the element of the first reference data for the same bit, fuses each product with a preset value to obtain a first target array of fused results, and sends the first target array to the second party.
Step S340a: the first party fuses the first target array and the second target array into a designated array and traverses its elements; if an element equal to the first preset value exists, the sign bit of the secret data is determined to be positive, otherwise negative. Alternatively, the first party receives the public key, the array ciphertext and the reference ciphertext sent by the second party; computes the first ciphertext product of the array ciphertext and the first intermediate array and the second ciphertext product of the reference ciphertext and the first reference data, and sends both to the second party; obtains the first product and the second product that the second party outputs after decrypting the two ciphertext products with the private key; fuses the first target array, the second target array, the first product and the second product into a specific array; and traverses the elements of the specific array, determining the sign bit to be positive if an element equal to the second preset value exists and negative otherwise.
Step S310b: the second party obtains a second secret fragment of the secret data and a third and a fourth random number fragment corresponding to the second pseudo-random number, and sends the third random number fragment to the first party.
Step S320b: the second party traverses the second secret fragment in a loop, computing a second intermediate value for each bit with the probability truncation algorithm to obtain a second intermediate array of second intermediate values.
Step S330b: the second party fuses the second random number fragment and the fourth random number fragment into second reference data, multiplies each element of the second intermediate array by the element of the second reference data for the same bit, fuses each product with the preset value to obtain a second target array of fused results, and sends the second target array to the first party.
Step S340b: the second party fuses the first target array and the second target array into a designated array and traverses its elements; if an element equal to the first preset value exists, the sign bit of the secret data is determined to be positive, otherwise negative. Alternatively, the second party encrypts the second intermediate array and the second reference data with the public key into an array ciphertext and a reference ciphertext; sends the public key, the array ciphertext and the reference ciphertext to the first party; receives the first ciphertext product and the second ciphertext product sent by the first party; decrypts them with the private key corresponding to the public key to obtain the first product and the second product, and sends both to the first party; fuses the first target array, the second target array, the first product and the second product into a specific array; and traverses the elements of the specific array, determining the sign bit to be positive if an element equal to the second preset value exists and negative otherwise.
Steps S310a to S340a and S310b to S340b correspond to the steps and embodiments of fig. 1; for their implementation refer to the description of fig. 1, which is not repeated here.
The method of fig. 3 achieves the same effect as that of fig. 1: the random number fragments of the two pseudo-random numbers are exchanged once, each party builds its target array locally without any per-bit communication, the target arrays are exchanged once, and the sign bit of the secret data is determined from the two target arrays.
Only these two rounds of communication are needed, one for the random number fragments and one for the target arrays, so compared with the related art the method saves communication resources, improves communication efficiency and thereby improves the efficiency of determining the sign bit of the secret data.
Referring to fig. 4, fig. 4 schematically illustrates a block diagram of a sign bit determination system based on multiparty secure computation according to one embodiment of the present application. The sign bit determination system 400 based on multiparty secure computation corresponds to the method shown in fig. 1, and as shown in fig. 4 it may include a local participant 410 and a peer participant 420, wherein:
the local participant 410 is configured to obtain a first secret fragment of the secret data, and a first random number fragment and a second random number fragment corresponding to a first pseudo random number, and to send the second random number fragment to the peer participant 420;
the local participant 410 is further configured to perform probability truncation processing on each bit in the first secret fragment to obtain a first intermediate array;
the peer participant 420 is configured to obtain a third random number fragment and a fourth random number fragment corresponding to a second pseudo random number, and to send the third random number fragment to the local participant 410;
the local participant 410 is further configured to generate a first target array based on the first random number fragment, the third random number fragment and the first intermediate array;
the peer participant 420 is further configured to generate a second target array based on the second random number fragment, the fourth random number fragment and a second intermediate array corresponding to the secret data, and to send the second target array to the local participant 410;
the local participant 410 is further configured to determine the sign bit of the secret data based on the first target array and the second target array.
It can be seen that the system shown in fig. 4 realizes the same scheme as the method of fig. 3: random number fragments of the pseudo random numbers assist in determining the sign bit of the secret data; the second and third random number fragments are exchanged so that each party holds one fragment of the other party's pseudo random number; each party derives its target array from its secret fragment and the two random number fragments it holds; and after the target arrays are exchanged the sign bit is determined from both of them, with no communication during the per-bit processing. Only two communications are needed, the fragment exchange and the target array exchange, which saves communication resources and improves the efficiency of sign bit determination compared with the related art.
Referring to fig. 5, fig. 5 schematically illustrates a block diagram of a sign bit determining apparatus based on multiparty secure computation according to an embodiment of the present application. The sign bit determining apparatus 500 based on multiparty secure computation corresponds to the method shown in fig. 1, and as shown in fig. 5 it includes:
an obtaining unit 501, configured to obtain a first secret fragment of the secret data, and a first random number fragment and a second random number fragment corresponding to a first pseudo random number, and to send the second random number fragment to the peer participant;
an array calculating unit 502, configured to perform probability truncation processing on each bit in the first secret fragment to obtain a first intermediate array;
an array generating unit 503, configured to receive a third random number fragment sent by the peer participant and to generate a first target array based on the first random number fragment, the third random number fragment and the first intermediate array; the peer participant is configured to obtain the third random number fragment and a fourth random number fragment corresponding to a second pseudo random number;
a sign bit determining unit 504, configured to receive a second target array sent by the peer participant and to determine the sign bit of the secret data based on the first target array and the second target array; the peer participant is further configured to generate the second target array based on the second random number fragment, the fourth random number fragment and a second intermediate array corresponding to the secret data.
It can be seen that the apparatus shown in fig. 5 realizes the same scheme as the method of fig. 3: random number fragments of the pseudo random numbers assist in determining the sign bit of the secret data; the second and third random number fragments are exchanged so that each party holds one fragment of the other party's pseudo random number; each party derives its target array from its secret fragment and the two random number fragments it holds; and after the target arrays are exchanged the sign bit is determined from both of them, with no communication during the per-bit processing. Only two communications are needed, the fragment exchange and the target array exchange, which saves communication resources and improves the efficiency of sign bit determination compared with the related art.
In an exemplary embodiment of the present application, the obtaining unit 501 obtains the first random number fragment and the second random number fragment of the first pseudo random number by:
generating the first pseudo random number with a random number generator;
generating the first random number fragment and the second random number fragment corresponding to the first pseudo random number with an additive secret sharing protocol.
It can be seen that, by implementing this alternative embodiment, the first random number fragment and the second random number fragment are generated from the first pseudo random number so that random number fragments can be exchanged with the peer participant, which performs the same operation on its side. This helps reduce the number of communications between the participants and improves communication efficiency.
In an exemplary embodiment of the present application, the array calculating unit 502 performs probability truncation processing on each bit in the first secret fragment to obtain the first intermediate array by:
circularly traversing the first secret fragment to calculate a first intermediate value for each bit in the first secret fragment with a probability truncation algorithm, to obtain a first intermediate array containing a plurality of first intermediate values.
It can be seen that, by implementing this alternative embodiment, the first secret fragment is processed bit by bit with the probability truncation algorithm to obtain the first intermediate array used in sign bit determination. This helps improve the efficiency of sign bit determination and avoids the slowdown of approaches in which the result for each bit depends on the result for the previous bit. Moreover, the probability truncation algorithm further protects the privacy of each party's data and avoids the leakage risk that multi-round communication introduces in the related art.
In an exemplary embodiment of the present application, the array generating unit 503 generates the first target array based on the first random number fragment, the third random number fragment and the first intermediate array by:
fusing the first random number fragment and the third random number fragment into first reference data;
performing a bit alignment operation on the first intermediate array and the first reference data to obtain the first target array.
Therefore, by implementing this alternative embodiment, the local participant's first random number fragment and the peer participant's third random number fragment are fused into the first reference data, and the first target array used in the subsequent plaintext recovery step is obtained by a bit alignment operation on the first intermediate array and the first reference data.
In an exemplary embodiment of the present application, the array generating unit 503 performs the bit alignment operation on the first intermediate array and the first reference data to obtain the first target array by:
multiplying each element of the first intermediate array by the element of the first reference data at the same bit position, and fusing each product with a preset value, to obtain a first target array containing the fusion results.
Therefore, by implementing this alternative embodiment, secure computation is realized through the bit alignment operation and the risk of data leakage is reduced.
In an exemplary embodiment of the present application, the sign bit determining unit 504 determines the sign bit of the secret data based on the first target array and the second target array by:
fusing the first target array and the second target array into a designated array;
traversing the elements in the designated array, and judging that the sign bit of the secret data is positive if an element equal to a first preset value exists, otherwise judging that the sign bit of the secret data is negative.
It can be seen that, by implementing this alternative embodiment, a designated array in plaintext is obtained from the first target array and the second target array, the sign bit decision is made directly on the designated array, and an efficient sign bit decision is achieved with reduced communication resources.
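The following Python simulation is an added example for this page, not code from the patent or its applicants. It exercises the two building blocks the embodiments above make concrete: additive secret sharing of a pseudo random number with one fragment per party exchanged (the first of the two communications), and the reference data obtained by fusing the kept fragment with the received one. It also spells out, on clear shares, why the sign bit of an additively shared value is the hard part: it equals msb(s1) XOR msb(s2) XOR the carry into the top bit, and that carry ripples bit by bit, which is the per-bit dependence the description attributes to the related art. Assumptions not in the page: the ring is Z_{2^64}, "fusing" is addition mod 2^64, and the class and function names are hypothetical. The probability truncation step and the bit alignment construction of the target arrays are not reproduced, because this excerpt does not specify them.

```python
import secrets

K = 64            # ring width; the sign bit of a two's-complement value is bit K-1
MOD = 1 << K


def to_ring(v):
    """Encode a signed Python int as an element of Z_{2^K} (two's complement)."""
    return v % MOD


def sign_bit(ring_value):
    """Most significant bit of a ring element: 1 for negative, 0 for non-negative."""
    return (ring_value >> (K - 1)) & 1


def share(ring_value):
    """Additive 2-of-2 secret sharing: ring_value == (s1 + s2) mod 2^K.
    s1 is uniform, so either share alone reveals nothing about the value."""
    s1 = secrets.randbelow(MOD)
    s2 = (ring_value - s1) % MOD
    return s1, s2


def reconstruct(s1, s2):
    return (s1 + s2) % MOD


def sign_bit_bitserial(s1, s2):
    """MSB of (s1 + s2) mod 2^K computed as msb(s1) ^ msb(s2) ^ carry_in, with the
    carry rippling from bit 0 to bit K-2. Run on clear shares here for reference;
    done inside MPC, each AND in the chain is a communicating step and bit i cannot
    start before bit i-1 finishes, which is the per-bit dependence the description
    attributes to the related art."""
    carry = 0
    for i in range(K - 1):
        a, b = (s1 >> i) & 1, (s2 >> i) & 1
        carry = (a & b) | (carry & (a ^ b))
    return sign_bit(s1) ^ sign_bit(s2) ^ carry


class Participant:
    """One party (hypothetical class name). It draws its own pseudo random number,
    splits it into two fragments by additive sharing, keeps one and gives the other
    away; "fusing" two fragments is assumed here to be addition mod 2^K."""

    def __init__(self):
        self.prn = secrets.randbelow(MOD)
        self.keep, self.give = share(self.prn)     # e.g. first and second fragment
        self.received = None                       # the other party's given fragment

    def reference(self):
        """Reference data: own kept fragment fused with the fragment received."""
        if self.received is None:
            raise RuntimeError("fragment exchange has not happened yet")
        return (self.keep + self.received) % MOD


def exchange_fragments(local, peer):
    """The first of the two communications: one fragment travels each way."""
    local.received, peer.received = peer.give, local.give


def joint_mask(local, peer):
    """Sum of the two reference values. It equals R1 + R2, and each party is
    missing the other's kept fragment, so neither can compute it alone; the two
    references are therefore additive shares of a mask unknown to both."""
    return (local.reference() + peer.reference()) % MOD
```

After `exchange_fragments`, each side holds a share of R1 + R2 at the cost of a single message each way, and the ripple in `sign_bit_bitserial` is the chain that a bit-serial protocol would have to pay one round of communication per bit for.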
In an exemplary embodiment of the present application, the peer participant generates the second target array based on the second random number fragment, the fourth random number fragment and the second intermediate array corresponding to the secret data as follows: circularly traversing a second secret fragment of the secret data to calculate a second intermediate value for each bit in the second secret fragment with a probability truncation algorithm, to obtain a second intermediate array containing a plurality of second intermediate values; fusing the second random number fragment and the fourth random number fragment into second reference data; and performing a bit alignment operation on the second intermediate array and the second reference data to obtain the second target array.
It can be seen that, by implementing this alternative embodiment, the peer participant performs steps mirroring those of the local participant, which is what makes the computation a multiparty secure computation.
In an exemplary embodiment of the present application, the sign bit determining unit 504 determines the sign bit of the secret data based on the first target array and the second target array by:
receiving a public key, an array ciphertext and a reference ciphertext sent by the peer participant; the peer participant is further configured to encrypt the second intermediate array and the second reference data into the array ciphertext and the reference ciphertext respectively under the public key;
calculating a first ciphertext product of the array ciphertext and the first intermediate array, and a second ciphertext product of the reference ciphertext and the first reference data, and sending the first ciphertext product and the second ciphertext product to the peer participant;
obtaining a first product and a second product output by the peer participant after it decrypts the first ciphertext product and the second ciphertext product respectively with a private key; the private key corresponds to the public key;
fusing the first target array, the second target array, the first product and the second product to obtain a specific array;
traversing the elements in the specific array, and judging that the sign bit of the secret data is positive if an element equal to a second preset value exists, otherwise judging that the sign bit of the secret data is negative.
Therefore, by implementing this alternative embodiment, when the computing power of the local participant is limited, the peer participant can take on more of the computation by means of homomorphic encryption, which broadens the range of settings in which the technical scheme of the present application can be applied.
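The homomorphic variant above (receive a public key and ciphertexts, multiply each ciphertext by a local plaintext, return the result for the key holder to decrypt) maps directly onto an additively homomorphic scheme in which Enc(a)^b = Enc(a*b). The following Python block is an added example, not the patent's or the applicants' code: a textbook Paillier implementation with toy-sized constructed primes, plus the three message-handling steps of this embodiment written as functions. The primes, the array values and all function names are assumptions for illustration.

```python
import math
import secrets

# Constructed toy primes (about 30 bits each) so the numbers stay readable; a real
# deployment uses primes of 1024 bits or more generated at key-generation time.
P, Q = 1_000_000_007, 998_244_353


class PaillierPublicKey:
    """Public half of a textbook Paillier key with generator g = n + 1."""

    def __init__(self, n):
        self.n, self.n2 = n, n * n

    def encrypt(self, m):
        """Enc(m) = (1 + n)^m * r^n mod n^2 with fresh random r coprime to n.
        Inputs are reduced mod n, so negative values are encoded as n - |m|."""
        m %= self.n
        while True:
            r = secrets.randbelow(self.n)
            if r and math.gcd(r, self.n) == 1:
                break
        return (1 + m * self.n) * pow(r, self.n, self.n2) % self.n2

    def add(self, c1, c2):
        """Enc(a) * Enc(b) = Enc(a + b)."""
        return c1 * c2 % self.n2

    def mul_plain(self, c, k):
        """Enc(a)^k = Enc(a * k): multiply an encrypted value by a known scalar."""
        return pow(c, k % self.n, self.n2)


class PaillierPrivateKey:
    def __init__(self, p, q):
        n = p * q
        self.pk = PaillierPublicKey(n)
        self.lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
        self.mu = pow(self.lam, -1, n)                           # L(g^lam)^-1 for g = n+1

    def decrypt(self, c):
        n, n2 = self.pk.n, self.pk.n2
        u = pow(c, self.lam, n2)
        return (u - 1) // n * self.mu % n


def peer_encrypt_arrays(sk, second_intermediate, second_reference):
    """Peer participant: encrypt its second intermediate array and second reference
    data under its own public key; the public key travels with the ciphertexts."""
    pk = sk.pk
    array_ct = [pk.encrypt(a) for a in second_intermediate]
    ref_ct = [pk.encrypt(b) for b in second_reference]
    return pk, array_ct, ref_ct


def local_multiply(pk, array_ct, ref_ct, first_intermediate, first_reference):
    """Local participant: form the first and second ciphertext products element by
    element without ever seeing the peer's plaintexts (only pk is needed)."""
    first_ct = [pk.mul_plain(c, x) for c, x in zip(array_ct, first_intermediate)]
    second_ct = [pk.mul_plain(c, y) for c, y in zip(ref_ct, first_reference)]
    return first_ct, second_ct


def peer_decrypt(sk, first_ct, second_ct):
    """Peer participant: decrypt both products and output them in the clear."""
    return [sk.decrypt(c) for c in first_ct], [sk.decrypt(c) for c in second_ct]


def run_exchange(second_intermediate, second_reference, first_intermediate, first_reference):
    """The whole round trip with both roles in one process (constructed inputs)."""
    sk = PaillierPrivateKey(P, Q)
    pk, array_ct, ref_ct = peer_encrypt_arrays(sk, second_intermediate, second_reference)
    first_ct, second_ct = local_multiply(pk, array_ct, ref_ct, first_intermediate, first_reference)
    return peer_decrypt(sk, first_ct, second_ct)
```

Two points a practitioner should keep in mind with this pattern. The decrypting party sees every product in the clear, and since it also knows its own factor it can divide out the other party's element, so the local values fed into `local_multiply` must not be sensitive on their own by the time they reach this step. And the scalar exponentiation in `mul_plain` costs far less than a Paillier decryption, which is the asymmetry that lets the key holder carry the heavier share of the work.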
It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functions of two or more modules or units described above may be embodied in one module or unit, in accordance with embodiments of the present application. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
Since each functional module of the sign bit determining apparatus based on multiparty secure computation in the exemplary embodiment of the present application corresponds to a step of the exemplary embodiment of the sign bit determining method described above, details not disclosed in the apparatus embodiment can be found in the above embodiment of the sign bit determining method based on multiparty secure computation.
Referring to fig. 6, fig. 6 shows a schematic diagram of a computer system suitable for implementing the electronic device of the embodiments of the present application.
It should be noted that, the computer system 600 of the electronic device shown in fig. 6 is only an example, and should not impose any limitation on the functions and the application scope of the embodiments of the present application.
As shown in fig. 6, the computer system 600 includes a Central Processing Unit (CPU) 601, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data required for system operation are also stored. The CPU 601, ROM 602, and RAM 603 are connected to each other through a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
The following components are connected to the I/O interface 605: an input portion 606 including a keyboard, a mouse and the like; an output portion 607 including a display such as a cathode ray tube (CRT) or liquid crystal display (LCD), a speaker and the like; a storage portion 608 including a hard disk and the like; and a communication portion 609 including a network interface card such as a LAN card, a modem or the like. The communication portion 609 performs communication processing via a network such as the internet. A drive 610 is also connected to the I/O interface 605 as needed. A removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk or a semiconductor memory is mounted on the drive 610 as needed, so that a computer program read from it can be installed into the storage portion 608 as needed.
In particular, according to embodiments of the present application, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program may be downloaded and installed from a network through the communication portion 609, and/or installed from the removable medium 611. The computer program, when executed by a Central Processing Unit (CPU) 601, performs the various functions defined in the methods and apparatus of the present application.
As another aspect, the present application also provides a computer-readable medium that may be contained in the electronic device described in the above embodiment; or may exist alone without being incorporated into the electronic device. The computer-readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to implement the methods described in the above embodiments.
It should be noted that the computer readable medium shown in the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present application, however, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units involved in the embodiments of the present application may be implemented by means of software, or may be implemented by means of hardware, and the described units may also be provided in a processor. Wherein the names of the units do not constitute a limitation of the units themselves in some cases.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.

Claims (12)

1. A sign bit determination method based on multiparty secure computation, comprising:
acquiring a first secret fragment of secret data, and a first random number fragment and a second random number fragment corresponding to a first pseudo random number, and sending the second random number fragment to a peer participant;
performing probability truncation processing on each bit in the first secret fragment to obtain a first intermediate array;
receiving a third random number fragment sent by the peer participant, and generating a first target array based on the first random number fragment, the third random number fragment and the first intermediate array; wherein the peer participant is configured to acquire the third random number fragment and a fourth random number fragment corresponding to a second pseudo random number;
receiving a second target array sent by the peer participant, and determining a sign bit of the secret data based on the first target array and the second target array; wherein the peer participant is further configured to generate the second target array based on the second random number fragment, the fourth random number fragment and a second intermediate array corresponding to the secret data.
2. The method of claim 1, wherein acquiring the first random number fragment and the second random number fragment of the first pseudo random number comprises:
generating the first pseudo random number with a random number generator;
generating the first random number fragment and the second random number fragment corresponding to the first pseudo random number with an additive secret sharing protocol.
3. The method of claim 1, wherein performing probability truncation processing on each bit in the first secret fragment to obtain a first intermediate array comprises:
circularly traversing the first secret fragment to calculate a first intermediate value of each bit in the first secret fragment with a probability truncation algorithm, to obtain a first intermediate array containing a plurality of first intermediate values.
4. The method of claim 1, wherein generating a first target array based on the first random number fragment, the third random number fragment and the first intermediate array comprises:
fusing the first random number fragment and the third random number fragment into first reference data;
performing a bit alignment operation on the first intermediate array and the first reference data to obtain the first target array.
5. The method of claim 4, wherein performing a bit alignment operation on the first intermediate array and the first reference data to obtain the first target array comprises:
multiplying each element of the first intermediate array by the element of the first reference data at the same bit position, and fusing each product with a preset value, to obtain a first target array containing a plurality of fusion results.
6. The method of claim 1, wherein determining a sign bit of the secret data based on the first target array and the second target array comprises:
fusing the first target array and the second target array into a designated array;
traversing the elements in the designated array, and judging that the sign bit of the secret data is positive if an element equal to a first preset value exists, otherwise judging that the sign bit of the secret data is negative.
7. The method of claim 1, wherein the peer participant generates the second target array based on the second random number fragment, the fourth random number fragment and the second intermediate array corresponding to the secret data by: circularly traversing a second secret fragment of the secret data to calculate a second intermediate value of each bit in the second secret fragment with a probability truncation algorithm, to obtain a second intermediate array containing a plurality of second intermediate values; fusing the second random number fragment and the fourth random number fragment into second reference data; and performing a bit alignment operation on the second intermediate array and the second reference data to obtain the second target array.
8. The method of claim 7, wherein determining a sign bit of the secret data based on the first target array and the second target array comprises:
receiving a public key, an array ciphertext and a reference ciphertext sent by the peer participant; wherein the peer participant is further configured to encrypt the second intermediate array and the second reference data into the array ciphertext and the reference ciphertext respectively under the public key;
calculating a first ciphertext product of the array ciphertext and the first intermediate array, and a second ciphertext product of the reference ciphertext and the first reference data, and sending the first ciphertext product and the second ciphertext product to the peer participant;
obtaining a first product and a second product output by the peer participant after it decrypts the first ciphertext product and the second ciphertext product respectively with a private key; wherein the private key corresponds to the public key;
fusing the first target array, the second target array, the first product and the second product to obtain a specific array;
traversing the elements in the specific array, and judging that the sign bit of the secret data is positive if an element equal to a second preset value exists, otherwise judging that the sign bit of the secret data is negative.
9. A sign bit determining apparatus based on multiparty secure computation, comprising:
an obtaining unit, configured to acquire a first secret fragment of secret data, and a first random number fragment and a second random number fragment corresponding to a first pseudo random number, and to send the second random number fragment to a peer participant;
an array calculating unit, configured to perform probability truncation processing on each bit in the first secret fragment to obtain a first intermediate array;
an array generating unit, configured to receive a third random number fragment sent by the peer participant and to generate a first target array based on the first random number fragment, the third random number fragment and the first intermediate array; wherein the peer participant is configured to acquire the third random number fragment and a fourth random number fragment corresponding to a second pseudo random number;
a sign bit determining unit, configured to receive a second target array sent by the peer participant and to determine a sign bit of the secret data based on the first target array and the second target array; wherein the peer participant is further configured to generate the second target array based on the second random number fragment, the fourth random number fragment and a second intermediate array corresponding to the secret data.
10. A sign bit determination system based on multiparty secure computation, comprising a local participant and a peer participant, wherein:
the local participant is configured to acquire a first secret fragment of secret data, and a first random number fragment and a second random number fragment corresponding to a first pseudo random number, and to send the second random number fragment to the peer participant;
the local participant is further configured to perform probability truncation processing on each bit in the first secret fragment to obtain a first intermediate array;
the peer participant is configured to acquire a third random number fragment and a fourth random number fragment corresponding to a second pseudo random number, and to send the third random number fragment to the local participant;
the local participant is further configured to generate a first target array based on the first random number fragment, the third random number fragment and the first intermediate array;
the peer participant is further configured to generate a second target array based on the second random number fragment, the fourth random number fragment and a second intermediate array corresponding to the secret data, and to send the second target array to the local participant;
the local participant is further configured to determine a sign bit of the secret data based on the first target array and the second target array.
11. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the method of any of claims 1-8.
12. An electronic device, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the method of any one of claims 1-8 by executing the executable instructions.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410019396.8A CN117520970B (en) 2024-01-05 2024-01-05 Symbol position determining method, device and system based on multiparty security calculation

Publications (2)

Publication Number Publication Date
CN117520970A true CN117520970A (en) 2024-02-06
CN117520970B CN117520970B (en) 2024-03-29

Family

ID=89755378

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410019396.8A Active CN117520970B (en) 2024-01-05 2024-01-05 Symbol position determining method, device and system based on multiparty security calculation

Country Status (1)

Country Link
CN (1) CN117520970B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4870681A (en) * 1986-03-05 1989-09-26 Holger Sedlak Cryptographic method and cryptographic processor for carrying out the method
CN114785480A (en) * 2022-04-12 2022-07-22 支付宝(杭州)信息技术有限公司 Multi-party secure computing method, device and system
CN115603905A (en) * 2022-09-30 2023-01-13 建信金融科技有限责任公司(Cn) Data sharing method, device, equipment and storage medium
CN115618380A (en) * 2022-09-30 2023-01-17 建信金融科技有限责任公司 Data processing method, device, equipment and medium
CN115664631A (en) * 2022-10-28 2023-01-31 西安电子科技大学广州研究院 Linear and nonlinear security calculation method, storage device and intelligent terminal
CN115730333A (en) * 2022-11-11 2023-03-03 杭州博盾习言科技有限公司 Security tree model construction method and device based on secret sharing and homomorphic encryption
CN115883079A (en) * 2022-11-25 2023-03-31 北京火山引擎科技有限公司 Data processing method, system, device, electronic equipment and storage medium
CN116305206A (en) * 2023-03-06 2023-06-23 杭州博盾习言科技有限公司 Secure multiparty computing method, device, electronic equipment and storage medium
CN116541878A (en) * 2023-04-27 2023-08-04 电子科技大学 Privacy protection method based on safe two-party calculation S-shaped function
CN117150523A (en) * 2023-08-29 2023-12-01 浙江大学 Distributed power negotiation privacy protection method and device and electronic equipment
WO2023231340A1 (en) * 2022-06-02 2023-12-07 蚂蚁区块链科技(上海)有限公司 Execution method and device for shared ot protocol, and secure multi-party computation method and device

Also Published As

Publication number Publication date
CN117520970B (en) 2024-03-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant