CN118194332A - Privacy intersection method, device, equipment and medium - Google Patents

Publication number
CN118194332A
Authority
CN
China
Prior art keywords
initiating
key
data
private
public key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410598971.4A
Other languages
Chinese (zh)
Inventor
刘瑞
孙马秋
姜林剑
孙悦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Password Cloud Core Technology Co ltd
Original Assignee
Beijing Password Cloud Core Technology Co ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a privacy intersection method, device, equipment and medium. The method comprises the following steps: determining an initiating proprietary public key and an initiating proprietary private key of initiating data according to the fingerprint of the initiating data and an elliptic curve base point; determining an initiating ciphertext of the initiating data according to the initiating proprietary public key and the initiating proprietary private key, based on a preset elliptic encryption algorithm or the SM2 key exchange algorithm; and sending the initiating ciphertext to a participant in the privacy intersection, the initiating ciphertext instructing the participant to determine the intersection data of the privacy intersection according to the initiating ciphertext and the participation ciphertext of the participation data, and to return the intersection data to the initiator. The embodiment of the invention can improve the efficiency and the security of privacy intersection.

Description

Privacy intersection method, device, equipment and medium
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a privacy intersection method, device, equipment, and medium.
Background
Privacy intersection (Private Set Intersection, PSI) is a key technology in privacy computing, also known as private set intersection. It allows multiple parties to find the intersection of their respective data sets without revealing any additional information. "Additional information" here refers to any information other than the data intersection. PSI is widely applied in scenarios such as data alignment in vertical federated learning or friend discovery through address books in social software.
At present, the fastest private set intersection methods are based on oblivious transfer protocols. However, PSI implemented with oblivious transfer and similar protocols has several drawbacks: the service system must implement special operators, the engineering complexity is high, and the intersection efficiency is low; it also does not meet national regulatory requirements. Although some asymmetric encryption algorithms, such as the RSA algorithm, have been tried for privacy intersection, their security is not high and they cannot be widely used, owing to the vulnerability of the RSA algorithm and security risks such as a "preset back door".
Disclosure of Invention
The invention provides a privacy intersection method, device, equipment and medium, which are used for improving the efficiency and security of privacy intersection.
According to an aspect of the present invention, there is provided a privacy intersection method, including:
determining an initiating proprietary public key and an initiating proprietary private key of the initiating data according to the fingerprint of the initiating data and the elliptic curve base point;
determining an initiating ciphertext of the initiating data according to the initiating proprietary public key and the initiating proprietary private key, based on a preset elliptic encryption algorithm or the SM2 key exchange algorithm;
and sending the initiating ciphertext to a participant in the privacy intersection, the initiating ciphertext instructing the participant to determine the intersection data of the privacy intersection according to the initiating ciphertext and the participation ciphertext of the participation data, and to return the intersection data to the initiator.
According to another aspect of the present invention, there is provided a privacy intersection apparatus, including:
the key determining module is used for determining an initiating proprietary public key and an initiating proprietary private key of the initiating data according to the fingerprint of the initiating data and the elliptic curve base point;
the ciphertext determining module is used for determining an initiating ciphertext of the initiating data according to the initiating proprietary public key and the initiating proprietary private key, based on a preset elliptic encryption algorithm or the SM2 key exchange algorithm;
and the intersection determining module is used for sending the initiating ciphertext to the participant in the privacy intersection, instructing the participant to determine the intersection data of the privacy intersection according to the initiating ciphertext and the participation ciphertext of the participation data, and to return the intersection data to the initiator.
According to another aspect of the present invention, there is provided an electronic apparatus including:
At least one processor; and
A memory communicatively coupled to the at least one processor; wherein,
The memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the privacy intersection method of any one of the embodiments of the present invention.
According to another aspect of the present invention, there is provided a computer readable storage medium storing computer instructions for causing a processor to implement the privacy intersection method of any of the embodiments of the present invention when executed.
The embodiment of the invention implements privacy intersection with a calculation process based on the same principle as the SM2 key exchange algorithm. The flow is simple and requires few interactions, the existing SM2 algorithm can be used directly to compute the ciphertext, engineering difficulty is reduced, intersection efficiency is improved, and security compliance requirements are met. In addition, compared with other asymmetric algorithms such as the RSA algorithm, the SM2 algorithm or an ECC algorithm achieves higher security with a shorter key, requires less computation, runs faster, and occupies less storage space and transmission bandwidth. It avoids the vulnerability of the RSA algorithm and security risks such as a "preset back door", ensures that the key link of the cryptographic algorithm is autonomous and controllable, and ensures the security and reliability of the information security infrastructure.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the invention or to delineate the scope of the invention. Other features of the present invention will become apparent from the description that follows.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of a privacy intersection method according to an embodiment of the present invention;
Fig. 2A is a flowchart of a privacy intersection method according to yet another embodiment of the present invention;
Fig. 2B is a schematic diagram of a privacy intersection flow provided according to another embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a privacy intersection device according to another embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an electronic device implementing an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Private set intersection schemes are classified by the underlying cryptographic technique they depend on, mainly as follows:
1. PSI schemes based on public key cryptography, comprising: PSI schemes based on key exchange (DH: Diffie-Hellman) and PSI schemes with RSA blind signatures;
2. PSI schemes based on oblivious transfer (OT: Oblivious Transfer);
3. PSI schemes based on generic MPC, such as PSI schemes based on a garbled circuit (GC: Garbled Circuit);
4. PSI schemes based on homomorphic encryption (Homomorphic Encryption).
The present invention is a further improvement over the first category.
Fig. 1 is a flowchart of a privacy intersection method according to an embodiment of the present invention, where the method may be implemented by a privacy intersection device, which may be implemented in hardware and/or software, and the device may be configured in an electronic device having corresponding data processing capabilities, for example, an initiator of a privacy intersection, where the initiator performs a privacy intersection with a participant of the privacy intersection according to local initiating data. As shown in fig. 1, the method includes:
S110, determining an initiating proprietary public key and an initiating proprietary private key of the initiating data according to the fingerprint of the initiating data and the elliptic curve base point.
The initiating data, the initiating proprietary public key and the initiating proprietary private key are in one-to-one correspondence. The fingerprint may be a hash value of the data.
Specifically, the initiator has N (N is greater than or equal to 1) pieces of initiating data. For each piece of initiating data, the initiator calculates its fingerprint and determines the corresponding initiating proprietary public key and initiating proprietary private key according to the fingerprint and the elliptic curve base point. With N pieces of initiating data, N pairs of initiating proprietary public key and initiating proprietary private key are determined.
S120, determining an initiating ciphertext of the initiating data according to the initiating proprietary public key and the initiating proprietary private key, based on a preset elliptic encryption algorithm or the SM2 key exchange algorithm.
The preset elliptic encryption algorithm is an elliptic curve algorithm similar to the SM2 key exchange algorithm. Using it keeps the protocol compatible with the SM2 key exchange algorithm, so the protocol can be implemented with the SM2 key exchange algorithm without implementing new operators, which eases engineering implementation while improving security and compliance.
Specifically, the security strength per key bit of ECC algorithms (including the preset elliptic encryption algorithm and the SM2 key exchange algorithm) is far higher than that of the RSA algorithm: ECC can provide the security strength of RSA with less computing power, and the required key length is far shorter than that of RSA. At present, the ECC-based SM2 algorithm generally uses a 256-bit key, whose encryption strength is equivalent to a 3072-bit RSA key and far higher than the 2048-bit RSA keys generally used in industry. Choosing an ECC algorithm to implement the PSI protocol on the one hand avoids the vulnerability of the RSA algorithm and security risks such as a "preset back door", and on the other hand ensures that the key link of the cryptographic algorithm is autonomous and controllable and that the information security infrastructure is secure and trustworthy.
One algorithm is selected as the encryption algorithm for the initiating data from the preset elliptic encryption algorithm, whose encryption process is custom, and the SM2 key exchange algorithm, whose encryption process is public. Using the selected algorithm and its input parameters together with the previously determined initiating proprietary public key and initiating proprietary private key, the initiating ciphertext of each piece of initiating data is calculated, finally yielding N ciphertexts.
S130, sending the initiating ciphertext to a participant in the privacy intersection, instructing the participant to determine the intersection data of the privacy intersection according to the initiating ciphertext and the participation ciphertext of the participation data, and to return the intersection data to the initiator.
Specifically, the participant has M (M is greater than or equal to 1) pieces of participation data. For each piece of participation data, the participant uses the same algorithm as the initiator to calculate the corresponding participation ciphertext, finally obtaining M participation ciphertexts. The participant compares the N initiating ciphertexts with the M participation ciphertexts one by one; where an initiating ciphertext and a participation ciphertext have equal values, that initiating ciphertext is determined to be intersection data, and the number of intersection data items is smaller than or equal to N. After all the comparisons are completed, the participant returns the determined intersection data to the initiator.
The embodiment of the invention implements privacy intersection with a calculation process based on the same principle as the SM2 key exchange algorithm. The flow is simple and requires few interactions, the existing SM2 algorithm can be used directly to compute the ciphertext, engineering difficulty is reduced, intersection efficiency is improved, and security compliance requirements are met. In addition, compared with other asymmetric algorithms such as the RSA algorithm, the SM2 algorithm or an ECC algorithm achieves higher security with a shorter key, requires less computation, runs faster, and occupies less storage space and transmission bandwidth. It avoids the vulnerability of the RSA algorithm and security risks such as a "preset back door", ensures that the key link of the cryptographic algorithm is autonomous and controllable, and ensures the security and reliability of the information security infrastructure.
Optionally, determining the initiating ciphertext of the initiating data according to the initiating proprietary public key and the initiating proprietary private key based on the SM2 key exchange algorithm includes:
determining the initiating proprietary private key as the temporary private key of the SM2 key exchange algorithm;
determining the initiating proprietary public key as the temporary public key of the SM2 key exchange algorithm;
and calculating the initiating ciphertext of the initiating data according to the temporary private key and the temporary public key based on the SM2 key exchange algorithm.
Specifically, the temporary private key in the existing SM2 key exchange algorithm is normally a random number, and the temporary public key is the product of that random number and the elliptic curve base point. Here the random number is instead defined as the fingerprint of the initiating data: the initiating proprietary private key is designated as the temporary private key of the SM2 key exchange algorithm, the initiating proprietary public key is designated as the temporary public key of the SM2 key exchange algorithm, and the temporary public key is not exchanged during the process. The initiating ciphertext of the initiating data is then calculated from the temporary private key and the temporary public key following the public encryption process of the SM2 key exchange algorithm; because that process is public and in commercial use, its details are omitted here.
Fig. 2A is a flowchart of a privacy intersection method according to another embodiment of the present invention, where the embodiment is optimized and improved based on the foregoing embodiment. As shown in fig. 2A, the method includes:
S210, sharing elliptic curve parameters with the participant, and determining an initiator private key and an initiator public key; and sending the initiator public key to the participant, the initiator public key instructing the participant to return the participant public key to the initiator.
Specifically, as shown in Fig. 2B, the initiator and the participant first share the elliptic curve parameters (e.g. the SM2 curve) and a fingerprint extraction algorithm. Each then generates its own private and public key pair, (a, A) and (b, B), and they exchange public keys. A and a are the initiator public key and the initiator private key, respectively, and B and b are the participant public key and the participant private key, respectively.
S220, determining the fingerprint of the initiating data as the initiating proprietary private key; and determining the product of the initiating proprietary private key and the elliptic curve base point as the initiating proprietary public key of the initiating data.
Specifically, the initiator has N pieces of initiating data, which are: Ma1, Ma2, …, MaN.
For each piece of initiating data Mai, the initiator extracts its fingerprint xi as the corresponding initiating proprietary private key by means of a fingerprint extraction algorithm, e.g. xi = HASH(Mai) mod n (i = 1, 2, …, N), where n is the order of the elliptic curve; HASH may be a secure hash function or some other irreversible one-way function, such as SM3 or PBKDF2.
For each initiating proprietary private key xi, the corresponding initiating proprietary public key Xi is calculated as Xi = xi × G, where G is the elliptic curve base point, finally yielding N key pairs (xi, Xi).
S230, acquiring the initiating first coordinate of the initiating proprietary public key on the elliptic curve; and determining the initiating ciphertext of the initiating data according to the initiating proprietary public key, the initiating proprietary private key, the initiating first coordinate, the elliptic curve cofactor, the participant public key and the initiator private key.
A public key on an elliptic curve is a point on the curve and is usually expressed in affine coordinates as two numbers; for example, the first coordinate of the point P(r, s) is r, i.e. P' = r.
Specifically, for each piece of initiating data Mai, the initiator calculates:
Sai = xi + Xi' × a
Ki = h × Sai × (Xi + Xi' × B)
where h is the cofactor of the elliptic curve, Xi' is the first coordinate of the initiating proprietary public key on the elliptic curve, a is the initiator private key, and B is the participant public key.
Ki is taken as the initiating ciphertext corresponding to the initiating data Mai, finally yielding N initiating ciphertexts K1, K2, …, KN.
Optionally, the initiating ciphertext is determined by the following formulas:
Sai = xi + Xi' × a, i ∈ [1, N]
Ki = h × Sai × (Xi + Xi' × B)
where xi is the initiating proprietary private key, Xi is the initiating proprietary public key, Xi' is the initiating first coordinate, a is the initiator private key, B is the participant public key, h is the elliptic curve cofactor, Ki is the initiating ciphertext, and N is the total number of pieces of initiating data owned by the initiator.
Optionally, the participant determines the participation ciphertext as follows:
determining the fingerprint of the participation data as the participation proprietary private key;
determining the product of the participation proprietary private key and the elliptic curve base point as the participation proprietary public key of the participation data;
acquiring the participation first coordinate of the participation proprietary public key on the elliptic curve;
and determining the participation ciphertext of the participation data according to the participation proprietary public key, the participation proprietary private key, the participation first coordinate, the elliptic curve cofactor, the initiator public key and the participant private key.
Specifically, the participant has M pieces of participation data, which are: Mb1, Mb2, …, MbM.
For each piece of participation data Mbj, the participant extracts its fingerprint yj as the participation proprietary private key by means of the fingerprint extraction algorithm, e.g. yj = HASH(Mbj) mod n (j = 1, 2, …, M), where n is the order of the elliptic curve; HASH may be a secure hash function or some other irreversible one-way function, such as SM3 or PBKDF2.
For each participation proprietary private key yj, the corresponding participation proprietary public key Yj is calculated as Yj = yj × G, where G is the elliptic curve base point, finally yielding M key pairs (yj, Yj).
For each piece of participation data Mbj, the participant calculates:
Sbj = yj + Yj' × b
Zj = h × Sbj × (Yj + Yj' × A)
where h is the cofactor of the elliptic curve, Yj' is the first coordinate of the participation proprietary public key on the elliptic curve, b is the participant private key, and A is the initiator public key.
Zj is taken as the participation ciphertext corresponding to the participation data Mbj, finally yielding M participation ciphertexts Z1, Z2, …, ZM.
S240, sending the initiating ciphertext to a participant in the privacy intersection, instructing the participant to determine the intersection data of the privacy intersection according to the initiating ciphertext and the participation ciphertext of the participation data, and to return the intersection data to the initiator.
According to the embodiment of the invention, the PSI protocol is implemented with an ECC algorithm, which on the one hand avoids the vulnerability of the RSA algorithm and security risks such as a "preset back door", and on the other hand ensures that the key link of the cryptographic algorithm is autonomous and controllable and that the information security infrastructure is secure and trustworthy.
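The S210 to S240 exchange above, run end to end in pure Python on the SM2 recommended curve, as an added example that is not part of the patent text. SHA-256 stands in for the fingerprint function (the text names SM3 or PBKDF2), Xi' is the raw x-coordinate as the text describes, and the function names and the check on the peer's public key are assumptions of this example.

```python
import hashlib
import secrets

# SM2 recommended curve (sm2p256v1): y^2 = x^3 + a*x + b over GF(p), cofactor 1.
CURVE_P = 2**256 - 2**224 - 2**96 + 2**64 - 1
CURVE_A = CURVE_P - 3
CURVE_B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
ORDER_N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
BASE_G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
          0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
COFACTOR_H = 1


def on_curve(pt):
    """True if the affine point satisfies the curve equation."""
    x, y = pt
    return (y * y - (x * x * x + CURVE_A * x + CURVE_B)) % CURVE_P == 0


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % CURVE_P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + CURVE_A) * pow(2 * y1 % CURVE_P, -1, CURVE_P)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % CURVE_P, -1, CURVE_P)
    lam %= CURVE_P
    x3 = (lam * lam - x1 - x2) % CURVE_P
    return (x3, (lam * (x1 - x3) - y1) % CURVE_P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; illustration only)."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return result


def keygen():
    """S210: long-term key pair (a, A) or (b, B)."""
    d = secrets.randbelow(ORDER_N - 1) + 1
    return d, ec_mul(d, BASE_G)


def fingerprint(item):
    """xi = HASH(item) mod n; SHA-256 is this example's stand-in for HASH."""
    x = int.from_bytes(hashlib.sha256(item).digest(), "big") % ORDER_N
    if x == 0:
        raise ValueError("fingerprint reduced to zero")
    return x


def ciphertext(item, own_priv, peer_pub):
    """S220-S230: Ki = h * Sai * (Xi + Xi' * B), with Sai = xi + Xi' * a."""
    # Assumption of this example: reject a peer key that is not on the curve.
    if peer_pub is None or not on_curve(peer_pub):
        raise ValueError("peer public key is not a point on the curve")
    x = fingerprint(item)                    # item-specific private key xi
    big_x = ec_mul(x, BASE_G)                # item-specific public key Xi
    x1 = big_x[0]                            # first coordinate Xi'
    s = (x + x1 * own_priv) % ORDER_N        # Sai
    return ec_mul(COFACTOR_H * s % ORDER_N, ec_add(big_x, ec_mul(x1, peer_pub)))


def run_psi(initiator_items, participant_items):
    """Both roles in one process; returns the initiator's items in the intersection."""
    a, pub_a = keygen()
    b, pub_b = keygen()
    k_list = [ciphertext(m, a, pub_b) for m in initiator_items]    # sent to participant
    z_set = {ciphertext(m, b, pub_a) for m in participant_items}   # participant side
    matched = [k for k in k_list if k in z_set]                    # S240: returned
    lookup = dict(zip(k_list, initiator_items))
    return [lookup[k] for k in matched]
```

Because xi is a deterministic hash of the item, the party that receives the ciphertexts can compute the ciphertext of any candidate value it chooses, so low-entropy items such as phone numbers are only as private as they are hard to guess.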
Fig. 3 is a schematic structural diagram of a privacy intersection device according to another embodiment of the present invention. As shown in fig. 3, the apparatus includes:
a key determining module 310, configured to determine an initiating proprietary public key and an initiating proprietary private key of the initiating data according to the fingerprint of the initiating data and the elliptic curve base point;
a ciphertext determining module 320, configured to determine an initiating ciphertext of the initiating data according to the initiating proprietary public key and the initiating proprietary private key, based on a preset elliptic encryption algorithm or the SM2 key exchange algorithm;
an intersection determining module 330, configured to send the initiating ciphertext to a participant in the privacy intersection, instruct the participant to determine the intersection data of the privacy intersection according to the initiating ciphertext and the participation ciphertext of the participation data, and return the intersection data to the initiator.
The privacy intersection device provided by the embodiment of the invention can execute the privacy intersection method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
Optionally, the key determining module 310 includes:
a private key determining unit, used for determining the fingerprint of the initiating data as the initiating proprietary private key;
and a public key determining unit, used for determining the product of the initiating proprietary private key and the elliptic curve base point as the initiating proprietary public key of the initiating data.
Optionally, the ciphertext determination module 320 may include:
a coordinate determining unit, used for acquiring the initiating first coordinate of the initiating proprietary public key on the elliptic curve;
and a ciphertext determining unit, used for determining the initiating ciphertext of the initiating data according to the initiating proprietary public key, the initiating proprietary private key, the initiating first coordinate, the elliptic curve cofactor, the participant public key and the initiator private key.
Optionally, the initiating ciphertext is determined by the following formulas:
Sai = xi + Xi' × a, i ∈ [1, N]
Ki = h × Sai × (Xi + Xi' × B)
where xi is the initiating proprietary private key, Xi is the initiating proprietary public key, Xi' is the initiating first coordinate, a is the initiator private key, B is the participant public key, h is the elliptic curve cofactor, Ki is the initiating ciphertext, and N is the total number of pieces of initiating data owned by the initiator.
Optionally, the participant determines the participation ciphertext as follows:
determining the fingerprint of the participation data as the participation proprietary private key;
determining the product of the participation proprietary private key and the elliptic curve base point as the participation proprietary public key of the participation data;
acquiring the participation first coordinate of the participation proprietary public key on the elliptic curve;
and determining the participation ciphertext of the participation data according to the participation proprietary public key, the participation proprietary private key, the participation first coordinate, the elliptic curve cofactor, the initiator public key and the participant private key.
Optionally, the apparatus further includes:
the parameter sharing module is used for sharing elliptic curve parameters with the participants and determining an initiator private key and an initiator public key;
and the key sharing module is used for sending the initiator public key to the participant and instructing the participant to return the participant public key to the initiator.
Optionally, the ciphertext determination module 320 may include:
a temporary private key determining unit, configured to determine the initiating proprietary private key as the temporary private key of the SM2 key exchange algorithm;
a temporary public key determining unit, configured to determine the initiating proprietary public key as the temporary public key of the SM2 key exchange algorithm;
a ciphertext calculation unit, configured to calculate the initiating ciphertext of the initiating data according to the temporary private key and the temporary public key based on the SM2 key exchange algorithm.
The privacy intersection device further described can also execute the privacy intersection method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
Fig. 4 shows a schematic diagram of an electronic device 40 that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. Electronic devices may also represent various forms of mobile devices, such as personal digital assistants, cellular telephones, smartphones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 4, the electronic device 40 includes at least one processor 41, and a memory communicatively connected to the at least one processor 41, such as a Read Only Memory (ROM) 42, a Random Access Memory (RAM) 43, etc., in which the memory stores a computer program executable by the at least one processor, and the processor 41 may perform various suitable actions and processes according to the computer program stored in the Read Only Memory (ROM) 42 or the computer program loaded from the storage unit 48 into the Random Access Memory (RAM) 43. In the RAM 43, various programs and data required for the operation of the electronic device 40 may also be stored. The processor 41, the ROM 42 and the RAM 43 are connected to each other via a bus 44. An input/output (I/O) interface 45 is also connected to bus 44.
Various components in electronic device 40 are connected to I/O interface 45, including: an input unit 46 such as a keyboard, a mouse, etc.; an output unit 47 such as various types of displays, speakers, and the like; a storage unit 48 such as a magnetic disk, an optical disk, or the like; and a communication unit 49 such as a network card, modem, wireless communication transceiver, etc. The communication unit 49 allows the electronic device 40 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
The processor 41 may be any of various general and/or special purpose processing components with processing and computing capabilities. Some examples of the processor 41 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, Digital Signal Processors (DSPs), and any suitable processor, controller, microcontroller, etc. The processor 41 performs the various methods and processes described above, such as the privacy intersection method.
In some embodiments, the privacy intersection method may be implemented as a computer program tangibly embodied on a computer-readable storage medium, such as the storage unit 48. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 40 via the ROM 42 and/or the communication unit 49. When the computer program is loaded into the RAM 43 and executed by the processor 41, one or more steps of the privacy intersection method described above may be performed. Alternatively, in other embodiments, the processor 41 may be configured to perform the privacy intersection method in any other suitable manner (e.g., by means of firmware).
Various implementations of the systems and techniques described above may be implemented in digital electronic circuitry, integrated circuit systems, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Systems On Chip (SOCs), Complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various implementations may include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, and which may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for carrying out methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be implemented. The computer program may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. The computer-readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer-readable storage medium may be a machine-readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read Only Memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) through which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical hosts and VPS service are overcome.
It should be appreciated that steps may be reordered, added, or deleted using the various forms of flow shown above. For example, the steps described in the present invention may be performed in parallel, sequentially, or in a different order, so long as the desired results of the technical solution of the present invention are achieved, and the present invention is not limited herein.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.

Claims (10)

1. A privacy intersection method, applied to an initiator of a privacy intersection, the method comprising:
determining an initiating proprietary public key and an initiating proprietary private key of initiating data according to a fingerprint of the initiating data and an elliptic curve base point;
determining an initiating ciphertext of the initiating data according to the initiating proprietary public key and the initiating proprietary private key based on a preset elliptic encryption algorithm or an SM2 key exchange algorithm;
and sending the initiating ciphertext to a participant of the privacy intersection, wherein the initiating ciphertext is used to instruct the participant to determine intersection data of the privacy intersection according to the initiating ciphertext and a participating ciphertext of participating data, and to return the intersection data to the initiator.
2. The method of claim 1, wherein the determining the initiating proprietary public key and the initiating proprietary private key of the initiating data according to the fingerprint of the initiating data and the elliptic curve base point comprises:
determining the fingerprint of the initiating data as the initiating proprietary private key;
and determining the product of the initiating proprietary private key and the elliptic curve base point as the initiating proprietary public key of the initiating data.
3. The method according to claim 2, wherein determining the initiating ciphertext of the initiating data according to the initiating proprietary public key and the initiating proprietary private key based on the preset elliptic encryption algorithm comprises:
acquiring an initiating first coordinate of the initiating proprietary public key on the elliptic curve;
and determining the initiating ciphertext of the initiating data according to the initiating proprietary public key, the initiating proprietary private key, the initiating first coordinate, the elliptic curve cofactor, the participant public key and the participant private key.
4. The method according to claim 3, wherein the initiating ciphertext is determined by the following formulas:
Sai = xi + Xi' * a, i ∈ [1, N]
Ki = h * Sai * (Xi + Xi' * B)
wherein xi is the initiating proprietary private key, Xi is the initiating proprietary public key, Xi' is the initiating first coordinate, a is the initiator private key, B is the participant public key, h is the elliptic curve cofactor, Ki is the initiating ciphertext, and N is the total number of initiating data owned by the initiator.
5. The method according to claim 3, wherein the participant determines the participating ciphertext as follows:
determining a fingerprint of the participating data as a participating proprietary private key;
determining the product of the participating proprietary private key and the elliptic curve base point as a participating proprietary public key of the participating data;
acquiring a participating first coordinate of the participating proprietary public key on the elliptic curve;
and determining the participating ciphertext of the participating data according to the participating proprietary public key, the participating proprietary private key, the participating first coordinate, the elliptic curve cofactor, the initiator public key and the participant private key.
6. The method according to claim 3, further comprising, before determining the initiating proprietary public key and the initiating proprietary private key of the initiating data according to the fingerprint of the initiating data and the elliptic curve base point:
sharing elliptic curve parameters with the participant, and determining an initiator private key and an initiator public key;
and sending the initiator public key to the participant, wherein the initiator public key is used to instruct the participant to return the participant public key to the initiator according to the initiator public key.
7. The method of claim 2, wherein determining the initiating ciphertext of the initiating data according to the initiating proprietary public key and the initiating proprietary private key based on the SM2 key exchange algorithm comprises:
determining the initiating proprietary private key as a temporary private key of the SM2 key exchange algorithm;
determining the initiating proprietary public key as a temporary public key of the SM2 key exchange algorithm;
and calculating the initiating ciphertext of the initiating data according to the temporary private key and the temporary public key based on the SM2 key exchange algorithm.
8. A privacy intersection apparatus, deployed at an initiator of a privacy intersection, the apparatus comprising:
a key determining module, used for determining an initiating proprietary public key and an initiating proprietary private key of initiating data according to a fingerprint of the initiating data and an elliptic curve base point;
a ciphertext determining module, used for determining an initiating ciphertext of the initiating data according to the initiating proprietary public key and the initiating proprietary private key based on a preset elliptic encryption algorithm or an SM2 key exchange algorithm;
and an intersection determining module, used for sending the initiating ciphertext to a participant of the privacy intersection, and instructing the participant to determine intersection data of the privacy intersection according to the initiating ciphertext and a participating ciphertext of participating data, and to return the intersection data to the initiator.
9. An electronic device, the electronic device comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the privacy intersection method of any of claims 1-7.
10. A computer readable storage medium storing computer instructions for causing a processor to implement the privacy intersection method of any of claims 1-7 when executed.
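The following added example (not part of the patent text or the applicant's implementation) runs the computation of claims 2 to 5 for both sides and shows why equal fingerprints give equal ciphertexts: both sides reduce to h(x + x'a)(x + x'b)G. Assumptions: secp256k1 stands in for the shared curve, SHA-256 is the fingerprint, Xi' is taken as the x-coordinate of Xi modulo the group order, and the sample sets, keys and function names are constructed for illustration.

```python
import hashlib

# Stand-in curve secp256k1: y^2 = x^3 + 7 over F_P, group order N, cofactor H
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
H = 1
# Constructed sample inputs and long-term private keys (illustrative only)
INITIATOR = [b"alice@example.com", b"bob@example.com", b"carol@example.com"]
PARTICIPANT = [b"bob@example.com", b"dave@example.com", b"carol@example.com"]
KEY_A, KEY_B = 0x1D2C3B4A59687766, 0x0FEDCBA987654321

def add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time)."""
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def fingerprint(item):
    """Claim 2: fingerprint used as proprietary private key (SHA-256 assumed), in [1, N-1]."""
    return 1 + int.from_bytes(hashlib.sha256(item).digest(), "big") % (N - 1)

def ciphertext(item, own_priv, peer_pub):
    """Claim 4: S = x + X'*a, K = h*S*(X + X'*B); X' assumed to be x-coordinate mod N."""
    x = fingerprint(item)
    X = mul(x, G)                      # proprietary public key (claim 2)
    x1 = X[0] % N                      # first coordinate (claim 3)
    s = (x + x1 * own_priv) % N
    return mul(H * s, add(X, mul(x1, peer_pub)))

def intersect(init_items, a, part_items, b):
    """Claim 1 flow: initiator sends ciphertexts, participant matches its own against them."""
    A, B = mul(a, G), mul(b, G)        # public keys exchanged as in claim 6
    sent = {ciphertext(m, a, B) for m in init_items}
    return sorted(m for m in part_items if ciphertext(m, b, A) in sent)
```

The keys are fixed here so the run is reproducible; a deployment would draw a and b from a CSPRNG and use constant-time curve arithmetic.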
CN202410598971.4A 2024-05-15 2024-05-15 Privacy intersection method, device, equipment and medium Pending CN118194332A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410598971.4A CN118194332A (en) 2024-05-15 2024-05-15 Privacy intersection method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410598971.4A CN118194332A (en) 2024-05-15 2024-05-15 Privacy intersection method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN118194332A true CN118194332A (en) 2024-06-14

Family

ID=91412520

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410598971.4A Pending CN118194332A (en) 2024-05-15 2024-05-15 Privacy intersection method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN118194332A (en)

Similar Documents

Publication Publication Date Title
CN111934889B (en) Key generation method, signature and signature verification method, device, equipment and medium
CN113708930B (en) Data comparison method, device, equipment and medium for private data
US20150358167A1 (en) Certificateless Multi-Proxy Signature Method and Apparatus
CN111934890B (en) Key generation method, signature and signature verification method, device, equipment and medium
CN112953700B (en) Method, system and storage medium for improving safe multiparty computing efficiency
CN106130724A (en) Internet of things terminal security implementation method adopting key agreement
CN115051791A (en) Efficient three-party privacy set transaction method and system based on key agreement
CN116633688B (en) AIGC service privacy protection method and device
CN117061110A (en) Message sharing method and device, electronic equipment and storage medium
CN114389822B (en) Block chain based signature generation method, device, equipment and storage medium
CN110807211A (en) Method, system, readable medium and electronic device for safely acquiring user intersection
CN118194332A (en) Privacy intersection method, device, equipment and medium
CN114389821B (en) Signature supervision method, device, equipment and storage medium based on block chain
CN116208332A (en) Blockchain method based on quantum key distribution and quantum key privacy enhancement
CN112737777B (en) Threshold signature and signature verification method, device, equipment and medium based on secret key
CN116032458A (en) User privacy data processing method and device, storage medium and electronic equipment
CN113556225A (en) Efficient PSI (program specific information) method based on Hash and key exchange
CN112751667A (en) Key generation method, signature and signature verification method, device, equipment and medium
CN112637174B (en) Data correlation calculation method, device, electronic device and storage medium
CN117081744B (en) Signature processing method and device based on elliptic curve and electronic equipment
CN116089991B (en) Data alignment method, device, equipment and storage medium
CN112995205B (en) Query method, device, equipment and storage medium based on block chain
CN117254908B (en) Cloud data storage method, device, equipment and medium
CN117035776B (en) Data sharing method and device, electronic equipment and storage medium
CN117009723B (en) Multiparty computing method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination