WO2021070322A1 - 秘密多重反復計算装置、方法及びプログラム - Google Patents
秘密多重反復計算装置、方法及びプログラム Download PDFInfo
- Publication number
- WO2021070322A1 WO2021070322A1 PCT/JP2019/040006 JP2019040006W WO2021070322A1 WO 2021070322 A1 WO2021070322 A1 WO 2021070322A1 JP 2019040006 W JP2019040006 W JP 2019040006W WO 2021070322 A1 WO2021070322 A1 WO 2021070322A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- iterative calculation
- secret
- target
- calculation
- state
- Prior art date
Links
- 238000004364 calculation method Methods 0.000 title claims abstract description 305
- 238000000034 method Methods 0.000 title claims description 25
- 230000000717 retained effect Effects 0.000 abstract description 5
- 238000010586 diagram Methods 0.000 description 8
- 238000006243 chemical reaction Methods 0.000 description 1
- 239000000470 constituent Substances 0.000 description 1
- 239000012634 fragment Substances 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/10—Complex mathematical operations
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
Definitions
- the present invention relates to a cryptographic application technique.
- the present invention particularly relates to a technique for performing iterative calculation without revealing the input and output values and the number of iterations required to complete the calculation.
- Non-Patent Document 1 There is a method called secret calculation as a method of obtaining a specific calculation result without restoring the encrypted numerical value (see, for example, Non-Patent Document 1).
- encryption is performed by distributing numerical fragments among three secret computing devices, and the three secret computing devices perform cooperative calculation, so that addition / subtraction and constant addition are performed without restoring the numerical values.
- Multiplication, constant multiple, logical operation (negative, logical product, logical sum, exclusive OR), data format conversion (integer, binary number) results are distributed to three secret arithmetic units, that is, encrypted. It can be held as it is.
- the number N that is the upper bound of the number of iterations until the end of calculation is obtained in advance. If the condition of the end of calculation is satisfied in the middle, there is a method of performing N iterative calculations without updating the value of the calculation result.
- N the upper bound of the number of iterations until the end of the outer iterative calculation
- M the upper bound of the number of iterations until the end of the inner iterative calculation.
- An object of the present invention is to provide a secret multiple iterative calculation apparatus, method and program that realizes iterative calculation with a small number of executions of the inner iterative calculation when the iterative calculation further includes the iterative calculation. To do.
- the secret multiple iterative calculation device is used in iterative calculation, and a loop variable, which is a predetermined variable whose value can change for each iterative calculation, is set as a dummy value, and the state of each iterative calculation is set to "before execution".
- the secret iterative calculation unit includes a secret initialization unit set to "" and a secret iterative calculation unit that outputs the result of performing the iterative calculation that is the target of the calculation using the input and the predetermined number of iterations.
- the secret loop variable calculation unit that secretly calculates the new value of the loop variable of the target iterative calculation by processing the secret iterative calculation unit for each iterative calculation inside it, and (b) the target iteration.
- the state of the calculation is "Running” and the state of each iterative calculation inside the target iterative calculation is "End”
- the new value is set as the value of the loop variable of the target iterative calculation, and the inside of the target iterative calculation.
- the secret loop variable updater that updates the state of each iterative calculation to "before execution", and (c) the state of the target iterative calculation is "running", and the value of the loop variable of the target iterative calculation is a predetermined end condition.
- a secret update unit that changes the state of the target iterative calculation to "end” when the above conditions are satisfied, and a secret update unit that performs processing a predetermined number of times, and (iii) the state of the target iterative calculation.
- a secret output calculation unit that secretly calculates and outputs the output value of the target iterative calculation from the value of the loop variable.
- the iterative calculation includes the iterative calculation
- the iterative calculation can be realized with a small number of executions of the inner iterative calculation.
- FIG. 1 is a diagram showing an example of a functional configuration of a secret multiple iteration computing device.
- FIG. 2 is a diagram showing an example of a processing procedure of the secret multiple iteration calculation method.
- FIG. 3 is a diagram showing an example of processing of the secret initialization unit 1.
- FIG. 4 is a diagram showing an example of processing of the secret iterative calculation unit 2 for the first iterative calculation.
- FIG. 5 is a diagram showing an example of processing of the secret iterative calculation unit 2 for the second iterative calculation.
- FIG. 6 is a diagram showing a modified example of the processing of the secret iterative calculation unit 2 for the first iterative calculation.
- FIG. 7 is a diagram showing a modified example of the processing of the secret iterative calculation unit 2 for the second iterative calculation.
- FIG. 8 is a diagram showing an example of a functional configuration of a computer.
- the secret multiple iterative calculation device includes a secret initialization unit 1 and a secret iterative calculation unit 2.
- the secret iterative calculation unit 2 includes a secret input reflection unit 21, a secret update unit 22, and a secret output calculation unit 23.
- the secret update unit 22 includes a secret loop variable calculation unit 221, a secret loop variable update unit 222, and a secret end state reflection unit 223.
- the secret multiple iterative calculation method is realized, for example, by each component of the secret multiple iterative calculation device performing the processing of steps S1 to S2 described below and shown in FIG.
- the secret initialization unit 1 sets a loop variable, which is a predetermined variable used in the iterative calculation and whose value can change for each iterative calculation, as a dummy value, and sets the state of each iterative calculation to "before execution" (step).
- the dummy value is a predetermined value indicating that the value of the loop variable is a dummy.
- the secret iterative calculation unit 2 outputs the result of performing the iterative calculation that is the target of the calculation using the input and the predetermined number of iterations (step S2).
- the secret iterative calculation unit 2 includes a secret input reflection unit 21, a secret update unit 22, and a secret output calculation unit 23.
- the processing of step S2 is realized by, for example, the processing of steps S21 to S23 by the secret input reflection unit 21, the secret update unit 22, and the secret output calculation unit 23.
- ⁇ Secret input reflection unit 21 When the state of the target iterative calculation, which is the iterative calculation currently the target of the calculation, is "before execution", and all the inputs of the target iterative calculation are not dummy values, the secret input reflection unit 21 ( a) Using the input of the target iterative calculation, secretly calculate the initial value of the loop variable of the target iterative calculation, and (b) if the target iterative calculation has an inner iterative calculation, the state of each iterative calculation inside it. It is initialized to "before execution”, and (c) the state of the target iterative calculation is changed to "in progress" (step S21).
- the secret update unit 22 includes a secret loop variable calculation unit 221, a secret loop variable update unit 222, and a secret end state reflection unit 223.
- the processing of the secret update unit 22 is realized by, for example, the processing of steps S221 to S223 by the secret loop variable calculation unit 221 and the secret loop variable update unit 222 and the secret end state reflection unit 223.
- the secret update unit 22 performs the processes of steps S221 to S223 by the secret loop variable calculation unit 221 and the secret loop variable update unit 222 and the secret end state reflection unit 223 a predetermined number of times.
- the secret loop variable calculation unit 221 uses the value of the loop variable of the target iterative calculation that was secretly calculated immediately before, and if the target iterative calculation has an inner iterative calculation, the secret iterative calculation for each inner iterative calculation. By performing the processing of Part 2, a new value of the loop variable of the target iterative calculation is secretly calculated (step S221).
- Secret loop variable updater 222 >>> The secret loop variable update unit 222 (bi) secret loop variable calculation unit 221 when the state of the target iterative calculation is "in progress" and the state of each iterative calculation inside the target iterative calculation is "end". The new value secretly calculated in step 2 is used as the value of the loop variable of the target iterative calculation, and (b-ii) the state of each iterative calculation inside the target iterative calculation is updated to "before execution" (step S222).
- the secret end state reflection unit 223 "ends" the state of the target iterative calculation when the state of the target iterative calculation is "executing" and the value of the loop variable of the target iterative calculation satisfies a predetermined end condition. (Step S223).
- the processing of the secret input reflection unit 21 that performs processing such as setting the initial value of the loop variable of the target iterative calculation is not performed. This is because the secret input reflection unit 21 is performed at least when the state of the target iterative calculation is "before execution”. Further, in this case, the processing of the secret output calculation unit 23 that secretly calculates and outputs the output value of the target iterative calculation from the value of the loop variable is not performed. This is because the secret output calculation unit 23 is performed when the state of the target iterative calculation is "finished”.
- the processing of the secret output calculation unit 23 is not performed, and the secret update unit 22 continues the iterative calculation using the value of the loop variable of the target iterative calculation that was secretly calculated immediately before. ..
- the value of the loop variable of the target iterative calculation is retained, and the secret calculation and output of the output value of the target iterative calculation are not performed from the value of the loop variable.
- the target iterative calculation is performed only when all the iterative calculations immediately inside the target iterative calculation are completed.
- the number of executions of the inner iteration is the product of the upper bounds of the number of iterations in each layer, so that it becomes very large, but it can be significantly reduced in the present invention.
- the upper bound of the outer iterations is 6 times
- the upper bound of the inner iterations is 50
- the inner iterations exceed 25 at most 2 times.
- it is necessary to execute the inner iterative calculation 300 50 ⁇ 6 times.
- the time excluding the processing time of the iterative calculation inside x is f (x), and the upper bound of the number of iterations is
- the time excluding the processing time of the iterative calculation inside x is f'(x)
- the upper bound of the number of iterations is N'(x)
- x is included.
- N'(x) the bound N'(x) can be set, the overall processing time can be reduced by this embodiment.
- Example of iterative calculation] 3 and 4 show an example of processing of the secret multiple iterative calculation device when the secret multiple iterative calculation device performs an iterative calculation composed of the first iterative calculation and the second iterative calculation.
- the input of f 1 (x 1 , y 1 ) is x 1 , y 1 and the output of f 1 (x 1 , y 1 ) is z 1 .
- the loop variables of f 1 (x 1 , y 1 ) are a 1 , b 1 , and t 1.
- s 1 be the variable that represents the state of the first iterative calculation.
- the variable s 1 representing the state of the first iterative calculation may be simply abbreviated as the state s 1 of the first iterative calculation. It is assumed that the predetermined number of iterations of the first iterative calculation is n 1. n 1 is a given positive integer.
- the second iterative calculation is written as f 2 (x 2).
- f 2 (x 2 ) is also a function that outputs the smallest multiple of 10 greater than or equal to x 2.
- the input of f 2 (x 2 ) is x 2 and the output of f 2 (x 2 ) is z 2 .
- the loop variables of f 2 (x 2 ) are a 2 and t 2.
- s 2 be the variable that represents the state of the second iterative calculation.
- the variable s 2 representing the state of the second iterative calculation may be simply abbreviated as the state s 2 of the second iterative calculation.
- the predetermined number of iterations of the second iterative calculation is n 2.
- n 2 is a given positive integer.
- [x] is the secret value of x.
- [z] ⁇ AND ([a 1 ], [a 2 ], ..., [a n ]) calculates the secret value of z such that z a 1 a 2 ... a n. Means.
- PRE, RUN, and END represent "before execution”, “running”, and "end”, respectively.
- the secret loop variable calculation unit 221 calculates each process so that if a dummy is included in a part of the input, the output is also a dummy. Such a calculation is called a dummy-corresponding calculation. Each calculation corresponding to the dummy is described as follows.
- the secret iterative calculation is dummy compatible.
- the processing of the secret iterative calculation unit 2 corresponds to "1:” to "39:” in FIG.
- the processing of the secret input reflection unit 21 corresponds to "1:” to "11:” in FIG.
- the processing of the secret update unit 22 corresponds to "12:” to "31:" in FIG.
- the processing of the secret loop variable calculation unit 221 corresponds to "12:” to “17:” in FIG. In “16:” of FIG. 4, the processing of the secret iterative calculation unit 2 for the second iterative calculation inside the first iterative calculation, in other words , the calculation processing of f 2 ([a 1 ']) is performed.
- the processing of the secret iterative calculation unit 2 regarding the second iterative calculation corresponds to "1:" to "34:” in FIG.
- the processing of the secret loop variable update unit 222 corresponds to "18:” to "26:” in FIG.
- the processing of the secret end state reflection unit 223 corresponds to "27:” to "31:" in FIG.
- the processing of the secret output calculation unit 23 corresponds to "32:” to "39:” in FIG.
- data may be exchanged directly between the constituent units of the secret multiple iteration computing device, or may be performed via a storage unit (not shown).
- both the processing when the condition is satisfied and the processing when the condition is not satisfied are executed by changing the write destination to a temporary variable in order not to reveal the conditional value (hidden value). You may.
- the concealed value of the value when the condition is satisfied is [t i ]
- the concealed value of the value when the condition is satisfied is [t i ]
- the concealed value of the bit indicating whether the condition is satisfied (1) or not (0) is [c]
- [a i ] ⁇ [c ] ⁇ [t i ] + (1- [c]) ⁇ [f i ] may be calculated.
- the secret input reflection unit 21, the secret loop variable update unit 222, the secret end state reflection unit 223, and the secret output calculation unit 23 may perform processing while concealing whether or not each case is applicable.
- FIGS. 6 and 7 show examples of processing performed by the secret input reflection unit 21, the secret loop variable update unit 222, the secret end state reflection unit 223, and the secret output calculation unit 23 while concealing whether or not each case is applicable. Shown.
- the symbols and notations appearing in FIGS. 6 and 7 are the same as those described in [Example of Iterative Calculation].
- the processing of the secret input reflection unit 21 corresponds to "1:” to "10:” in FIG.
- the processing of the secret update unit 22 corresponds to "11:” to "33:" in FIG.
- the processing of the secret loop variable calculation unit 221 corresponds to "13:” to “16:” in FIG. In “15:” of FIG. 6, the processing of the secret iterative calculation unit 2 for the second iterative calculation inside the first iterative calculation, in other words , the calculation processing of f 2 ([a 1 ']) is performed.
- the processing of the secret iterative calculation unit 2 regarding the second iterative calculation in this case corresponds to "1:” to "28:” in FIG.
- the processing of the secret loop variable update unit 222 corresponds to "17:” to "24:” in FIG.
- the processing of the secret end state reflection unit 223 corresponds to "26:” to "27:” in FIG.
- the processing of the secret output calculation unit 23 corresponds to "29:” to "33:” in FIG.
- the program that describes this processing content can be recorded on a computer-readable recording medium.
- the computer-readable recording medium may be, for example, a magnetic recording device, an optical disk, a photomagnetic recording medium, a semiconductor memory, or the like.
- the distribution of this program is carried out, for example, by selling, transferring, renting, etc., portable recording media such as DVDs and CD-ROMs on which the program is recorded. Further, the program may be stored in the storage device of the server computer, and the program may be distributed by transferring the program from the server computer to another computer via a network.
- a computer that executes such a program first stores, for example, a program recorded on a portable recording medium or a program transferred from a server computer in its own storage device. Then, when the process is executed, the computer reads the program stored in its own storage device and executes the process according to the read program. Further, as another execution form of this program, a computer may read the program directly from a portable recording medium and execute processing according to the program, and further, the program is transferred from the server computer to this computer. Each time, the processing according to the received program may be executed sequentially. In addition, the above processing is executed by a so-called ASP (Application Service Provider) type service that realizes the processing function only by the execution instruction and result acquisition without transferring the program from the server computer to this computer. May be.
- the program in this embodiment includes information to be used for processing by a computer and equivalent to the program (data that is not a direct command to the computer but has a property of defining the processing of the computer, etc.).
- the present device is configured by executing a predetermined program on the computer, but at least a part of these processing contents may be realized by hardware.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Mathematical Physics (AREA)
- Computer Hardware Design (AREA)
- Data Mining & Analysis (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- Pure & Applied Mathematics (AREA)
- Mathematical Optimization (AREA)
- Mathematical Analysis (AREA)
- Computational Mathematics (AREA)
- Algebra (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Complex Calculations (AREA)
- Storage Device Security (AREA)
Abstract
Description
本発明では、内側の反復計算が所定の反復回数で終わらなかった場合は途中のループ変数の値を保持しておき、外側の反復計算では出力値の計算を行わないこととする。そして、その後、もう一度内側の反復計算が実行される際に保持していたループ変数の値を使って続きの反復計算を実行する。すなわち、各反復計算では、対象反復計算のすぐ内側の反復計算が全て終わった場合に限ってその対象反復計算を行う。これを再帰的に行うことにより、内側の反復計算での無駄な計算を減らすことができる。
以下、本発明の実施の形態について詳細に説明する。なお、図面中において同じ機能を有する構成部には同じ番号を付し、重複説明を省略する。
秘密初期化部1は、反復計算で使われ、反復計算ごとに値が変わり得る所定の変数であるループ変数をダミー値に設定し、各反復計算の状態を「実行前」に設定する(ステップS1)。ダミー値は、ループ変数の値がダミーであることを表す所定の値である。
秘密反復計算部2は、入力と所定の反復回数とを用いて計算の対象となっている反復計算を行った結果を出力する(ステップS2)。
秘密入力反映部21は、現在計算の対象となっている反復計算である対象反復計算の状態が「実行前」であり、かつ、対象反復計算の全ての入力がダミー値ではない場合に、(a)対象反復計算の入力を用いて、対象反復計算のループ変数の初期値を秘密計算し、(b)対象反復計算に内側の反復計算がある場合にはその内側の各反復計算の状態を「実行前」に初期化し、(c)対象反復計算の状態を「実行中」に変更する(ステップS21)。
秘密更新部22は、秘密ループ変数計算部221、秘密ループ変数更新部222及び秘密終了状態反映部223を備えている。
秘密ループ変数計算部221は、直前に秘密計算された対象反復計算のループ変数の値を用いて、対象反復計算に内側の反復計算がある場合にはその内側の各反復計算についての秘密反復計算部2の処理を行うことで、対象反復計算のループ変数の新たな値を秘密計算する(ステップS221)。
秘密ループ変数更新部222は、対象反復計算の状態が「実行中」、かつ、対象反復計算の内側の各反復計算の状態が「終了」である場合に、(b-i)秘密ループ変数計算部221で秘密計算された新たな値を対象反復計算のループ変数の値とし、(b-ii)対象反復計算の内側の各反復計算の状態を「実行前」に更新する(ステップS222)。
秘密終了状態反映部223は、対象反復計算の状態が「実行中」、かつ、対象反復計算のループ変数の値が所定の終了条件を満たしている場合に、対象反復計算の状態を「終了」に変更する(ステップS223)。
秘密出力計算部23は、対象反復計算の状態が「終了」の場合にはループ変数の値から対象反復計算の出力値を秘密計算し出力する(ステップS23)。秘密出力計算部23は、対象反復計算の状態が「終了」でない場合には、ダミー値を出力する。
図3及び図4に、秘密多重反復計算装置が、第一反復計算及び第二反復計算により構成される反復計算を行う場合の秘密多重反復計算装置の処理の例を示す。
[x]は、xの秘匿値である。
[z]←[a]+[b]は、z=a+bであるようなzの秘匿値を計算することを意味する。
[z]←[a][b]は、z=abであるようなzの秘匿値を計算することを意味する。
[z]←EQ([a],[b])は、a=bのときz=1、a=bでないときにはz=0であるようなzの秘匿値を計算することを意味する。
[z]←LE([a],[b])は、a≦bのときz=1、a≦bでないときにはz=0であるようなzの秘匿値を計算することを意味する。
[z]←NE([a],[b])は、a≠bのときz=1、a≠bでないときにはz=0であるようなzの秘匿値を計算することを意味する。
[z]←IfElse([c],[a],[b])は、c=1のときz=a、c=0のときz=bであるようなzの秘匿値を計算することを意味する。
[z]←AND([a1],[a2],...,[an])は、z=a1a2...anであるようなzの秘匿値を計算することを意味する。
以上、本発明の実施の形態について説明したが、具体的な構成は、これらの実施の形態に限られるものではなく、本発明の趣旨を逸脱しない範囲で適宜設計の変更等があっても、本発明に含まれることはいうまでもない。
上記説明した各装置における各種の処理機能をコンピュータによって実現する場合、各装置が有すべき機能の処理内容はプログラムによって記述される。そして、このプログラムをコンピュータで実行することにより、上記各装置における各種の処理機能がコンピュータ上で実現される。例えば、上述の各種の処理は、図8に示すコンピュータの記録部2020に、実行させるプログラムを読み込ませ、制御部2010、入力部2030、出力部2040などに動作させることで実施できる。
Claims (4)
- 反復計算で使われ、反復計算ごとに値が変わり得る所定の変数であるループ変数をダミー値に設定し、各反復計算の状態を「実行前」に設定する秘密初期化部と、
入力と所定の反復回数とを用いて計算の対象となっている反復計算を行った結果を出力する秘密反復計算部と、を含み、
前記秘密反復計算部は、
(i)現在計算の対象となっている反復計算である対象反復計算の状態が「実行前」であり、かつ、前記対象反復計算の全ての入力がダミー値ではない場合に、前記対象反復計算の入力を用いて、前記対象反復計算のループ変数の初期値を秘密計算し、前記対象反復計算に内側の反復計算がある場合にはその内側の各反復計算の状態を「実行前」に初期化し、前記対象反復計算の状態を「実行中」に変更する秘密入力反映部と、
(ii) (a)直前に秘密計算された前記対象反復計算のループ変数の値を用いて、前記対象反復計算に内側の反復計算がある場合にはその内側の各反復計算についての前記秘密反復計算部の処理を行うことで、前記対象反復計算のループ変数の新たな値を秘密計算する秘密ループ変数計算部と、(b)前記対象反復計算の状態が「実行中」、かつ、前記対象反復計算の内側の各反復計算の状態が「終了」である場合に、前記新たな値を前記対象反復計算のループ変数の値とし、前記対象反復計算の内側の各反復計算の状態を「実行前」に更新する秘密ループ変数更新部と、(c)前記対象反復計算の状態が「実行中」、かつ、前記対象反復計算のループ変数の値が所定の終了条件を満たしている場合に、前記対象反復計算の状態を「終了」に変更する秘密終了状態反映部と、を含み、前記所定の反復回数だけ処理を行う秘密更新部と、
(iii)前記対象反復計算の状態が「終了」の場合にはループ変数の値から前記対象反復計算の出力値を秘密計算し出力する秘密出力計算部と、
を含む、
秘密多重反復計算装置。 - 請求項1の秘密多重反復計算装置であって、
前記秘密入力反映部、前記秘密ループ変数更新部、前記秘密終了状態反映部及び前記秘密出力計算部は、前記の場合に該当するか否かを秘匿化しつつ処理を行う、
秘密多重反復計算装置。 - 秘密初期化部が、反復計算で使われ、反復計算ごとに値が変わり得る所定の変数であるループ変数をダミー値に設定し、各反復計算の状態を「実行前」に設定する秘密初期化ステップと、
秘密反復計算部が、入力と所定の反復回数とを用いて計算の対象となっている反復計算を行った結果を出力する秘密反復計算ステップと、を含み、
前記秘密反復計算ステップは、
(i)秘密入力反映部が、現在計算の対象となっている反復計算である対象反復計算の状態が「実行前」であり、かつ、前記対象反復計算の全ての入力がダミー値ではない場合に、前記対象反復計算の入力を用いて、前記対象反復計算のループ変数の初期値を秘密計算し、前記対象反復計算に内側の反復計算がある場合にはその内側の各反復計算の状態を「実行前」に初期化し、前記対象反復計算の状態を「実行中」に変更する秘密入力反映ステップと、
(ii) (a)秘密ループ変数計算部が、直前に秘密計算された前記対象反復計算のループ変数の値を用いて、前記対象反復計算に内側の反復計算がある場合にはその内側の各反復計算についての前記秘密反復計算部の処理を行うことで、前記対象反復計算のループ変数の新たな値を秘密計算する秘密ループ変数計算ステップと、(b)秘密ループ変数更新部が、前記対象反復計算の状態が「実行中」、かつ、前記対象反復計算の内側の各反復計算の状態が「終了」である場合に、前記新たな値を前記対象反復計算のループ変数の値とし、前記対象反復計算の内側の各反復計算の状態を「実行前」に更新する秘密ループ変数更新ステップと、(c)秘密終了状態反映部が、前記対象反復計算の状態が「実行中」、かつ、前記対象反復計算のループ変数の値が所定の終了条件を満たしている場合に、前記対象反復計算の状態を「終了」に変更する秘密終了状態反映ステップと、を含み、前記所定の反復回数だけ処理を行う秘密更新ステップと、
(iii)秘密出力計算部が、前記対象反復計算の状態が「終了」の場合にはループ変数の値から前記対象反復計算の出力値を秘密計算し出力する秘密出力計算ステップと、
を含む、
秘密多重反復計算方法。 - 請求項1から2の何れかの秘密多重反復計算装置の各部としてコンピュータを機能させるためのプログラム。
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2019/040006 WO2021070322A1 (ja) | 2019-10-10 | 2019-10-10 | 秘密多重反復計算装置、方法及びプログラム |
AU2019469404A AU2019469404B2 (en) | 2019-10-10 | 2019-10-10 | Secret multiple repetition calculation apparatus, method and program |
CN201980101147.0A CN114514569B (zh) | 2019-10-10 | 2019-10-10 | 秘密多重迭代计算装置、方法以及记录介质 |
JP2021551038A JP7351343B2 (ja) | 2019-10-10 | 2019-10-10 | 秘密多重反復計算装置、方法及びプログラム |
EP19948300.9A EP4044156A4 (en) | 2019-10-10 | 2019-10-10 | DEVICE, METHOD AND PROGRAM FOR MULTI-ITERATIVE SECRET CALCULATION |
US17/764,977 US20220350638A1 (en) | 2019-10-10 | 2019-10-10 | Secret multiple repetition calculation apparatus, method and program |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2019/040006 WO2021070322A1 (ja) | 2019-10-10 | 2019-10-10 | 秘密多重反復計算装置、方法及びプログラム |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021070322A1 true WO2021070322A1 (ja) | 2021-04-15 |
Family
ID=75438120
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2019/040006 WO2021070322A1 (ja) | 2019-10-10 | 2019-10-10 | 秘密多重反復計算装置、方法及びプログラム |
Country Status (6)
Country | Link |
---|---|
US (1) | US20220350638A1 (ja) |
EP (1) | EP4044156A4 (ja) |
JP (1) | JP7351343B2 (ja) |
CN (1) | CN114514569B (ja) |
AU (1) | AU2019469404B2 (ja) |
WO (1) | WO2021070322A1 (ja) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0298741A (ja) * | 1988-07-29 | 1990-04-11 | Digital Equip Corp <Dec> | マルチプロセッサコンピュータにおいてネスト式ループを実行する階層的方法 |
WO2013065687A1 (ja) * | 2011-11-04 | 2013-05-10 | 学校法人 早稲田大学 | プロセッサシステム及びアクセラレータ |
WO2019181594A1 (ja) * | 2018-03-19 | 2019-09-26 | 日本電信電話株式会社 | パラメータ設定装置、演算装置、それらの方法、プログラム、および記録媒体 |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7395419B1 (en) * | 2004-04-23 | 2008-07-01 | Apple Inc. | Macroscalar processor architecture |
KR101032592B1 (ko) * | 2006-07-21 | 2011-05-06 | 호쿠리쿠 니혼 덴키 소프트웨어 가부시키가이샤 | 암호 장치, 기록 매체, 및 방법 |
CN102271108B (zh) * | 2010-06-07 | 2014-04-30 | 中兴通讯股份有限公司 | 恒模序列的离散傅立叶变换的快速计算方法和装置 |
FR2963515B1 (fr) * | 2010-07-30 | 2012-07-27 | Thales Sa | Procede et dispositif de randomisation d'une cle secrete contre les attaques par canaux auxiliaires |
CN102761414B (zh) * | 2011-04-26 | 2015-06-10 | 航天信息股份有限公司 | 一种sm3密码杂凑算法及确定其中的变量字的方法 |
CN103914556A (zh) * | 2014-04-15 | 2014-07-09 | 西北工业大学 | 大规模图数据处理方法 |
CN107395347B (zh) * | 2017-08-04 | 2021-06-15 | 桂林电子科技大学 | 对称密码系统代数次数评估方法 |
-
2019
- 2019-10-10 EP EP19948300.9A patent/EP4044156A4/en active Pending
- 2019-10-10 WO PCT/JP2019/040006 patent/WO2021070322A1/ja unknown
- 2019-10-10 US US17/764,977 patent/US20220350638A1/en active Pending
- 2019-10-10 AU AU2019469404A patent/AU2019469404B2/en active Active
- 2019-10-10 JP JP2021551038A patent/JP7351343B2/ja active Active
- 2019-10-10 CN CN201980101147.0A patent/CN114514569B/zh active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0298741A (ja) * | 1988-07-29 | 1990-04-11 | Digital Equip Corp <Dec> | マルチプロセッサコンピュータにおいてネスト式ループを実行する階層的方法 |
WO2013065687A1 (ja) * | 2011-11-04 | 2013-05-10 | 学校法人 早稲田大学 | プロセッサシステム及びアクセラレータ |
WO2019181594A1 (ja) * | 2018-03-19 | 2019-09-26 | 日本電信電話株式会社 | パラメータ設定装置、演算装置、それらの方法、プログラム、および記録媒体 |
Non-Patent Citations (1)
Title |
---|
KOJI CHIDAKOKI HAMADADAI IKARASHIKATSUMI TAKAHASHI: "A Three-Party Secure Function Evaluation with Lightweight Verifiability Revisited", CSS, 2010 |
Also Published As
Publication number | Publication date |
---|---|
AU2019469404A1 (en) | 2022-04-07 |
EP4044156A1 (en) | 2022-08-17 |
CN114514569A (zh) | 2022-05-17 |
US20220350638A1 (en) | 2022-11-03 |
JP7351343B2 (ja) | 2023-09-27 |
JPWO2021070322A1 (ja) | 2021-04-15 |
CN114514569B (zh) | 2024-03-01 |
AU2019469404B2 (en) | 2023-02-02 |
EP4044156A4 (en) | 2023-06-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Dourish | Rematerializing the platform: Emulation and the digital–material | |
JP7067632B2 (ja) | 秘密シグモイド関数計算システム、秘密ロジスティック回帰計算システム、秘密シグモイド関数計算装置、秘密ロジスティック回帰計算装置、秘密シグモイド関数計算方法、秘密ロジスティック回帰計算方法、プログラム | |
US11281469B2 (en) | Saving and restoring machine state between multiple executions of an instruction | |
CN105843776A (zh) | 微处理器与其中安全执行指令的方法 | |
AU2019461059B2 (en) | Secure softmax function calculation system, secure softmax function calculation apparatus, secure softmax function calculation method, secure neural network calculation system, secure neural network learning system, and program | |
WO2021070322A1 (ja) | 秘密多重反復計算装置、方法及びプログラム | |
JP7060115B2 (ja) | 秘密配列アクセス装置、秘密配列アクセス方法、およびプログラム | |
US20070079109A1 (en) | Simulation apparatus and simulation method | |
CN110914801B (zh) | 在数据处理设备中的向量交叉 | |
JPWO2019225531A1 (ja) | 秘密一括近似システム、秘密計算装置、秘密一括近似方法、およびプログラム | |
JP6825119B2 (ja) | 秘密読み込み装置、秘密書き込み装置、それらの方法、およびプログラム | |
JP7205623B2 (ja) | 秘密共役勾配法計算システム、秘密計算装置、共役勾配法計算装置、秘密共役勾配法計算方法、共役勾配法計算方法、およびプログラム | |
CN113849837A (zh) | 一种安全模型的训练方法、装置、设备以及数据处理方法 | |
JP7359225B2 (ja) | 秘密最大値計算装置、方法及びプログラム | |
JP7318721B2 (ja) | 近似関数計算装置、方法及びプログラム | |
JPH09305401A (ja) | コンピュータ及びコンパイラ | |
WO2023233622A1 (ja) | 秘密計算装置、秘密計算方法、プログラム | |
WO2021144974A1 (ja) | 秘密最大値計算装置、方法及びプログラム | |
JP7485067B2 (ja) | 秘密シフトシステム、秘密シフト装置、秘密シフト方法、プログラム | |
JP2001134480A (ja) | ファイル排他制御方式,方法および記録媒体 | |
Schmaltz et al. | Verification of Optimised 48-bit Multiplications on AVR | |
JP2003006176A (ja) | データ処理装置,方法およびプログラム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 19948300 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2021551038 Country of ref document: JP Kind code of ref document: A |
|
ENP | Entry into the national phase |
Ref document number: 2019469404 Country of ref document: AU Date of ref document: 20191010 Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 2019948300 Country of ref document: EP Effective date: 20220510 |