WO2023005066A1 - Data processing method - Google Patents

Data processing method Download PDF

Info

Publication number
WO2023005066A1
WO2023005066A1 PCT/CN2021/131306 CN2021131306W WO2023005066A1 WO 2023005066 A1 WO2023005066 A1 WO 2023005066A1 CN 2021131306 W CN2021131306 W CN 2021131306W WO 2023005066 A1 WO2023005066 A1 WO 2023005066A1
Authority
WO
WIPO (PCT)
Prior art keywords
ciphertext
computing
data
computing node
obfuscation
Prior art date
Application number
PCT/CN2021/131306
Other languages
French (fr)
Chinese (zh)
Inventor
李昊轩
严强
王朝阳
廖飞强
李辉忠
张开翔
范瑞彬
Original Assignee
深圳前海微众银行股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳前海微众银行股份有限公司 filed Critical 深圳前海微众银行股份有限公司
Publication of WO2023005066A1 publication Critical patent/WO2023005066A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Definitions

  • Embodiments of the present invention relate to the field of financial technology (Fintech), and in particular, to a data processing method.
  • Secure multi-party computing is a kind of collaborative computing that is safely completed through the participation of multiple parties without a trusted third party. That is, in a distributed network, each participant holds his own private data and hopes to jointly complete the calculation of a certain function, but requires that each participant cannot obtain any input information from other participants except the calculation result . Based on the characteristics of secure multi-party computing, secure multi-party computing has been applied to the field of financial technology in order to provide more convenient services for financial enterprises or financial enterprise customers.
  • an embodiment of the present invention provides a data processing method, which is suitable for a secure multi-party computing system with N computing nodes, and the method includes:
  • the first computing node When the first computing node detects a data computing request, it generates N pieces of first obfuscation information based on the private data of the first computing node, and sends N-1 pieces of first obfuscation information among the N pieces of first obfuscation information Send to N-1 second computing nodes respectively;
  • the first computing node is any one of the N computing nodes;
  • the second computing node is the N computing nodes except the first computing node Any computing node other than a node;
  • the first computing node receives the second obfuscation information generated by each of the N-1 second computing nodes, and generates a ciphertext for determining the data calculation result according to the first reserved obfuscation message and the N-1 second obfuscation messages Fragmentation;
  • the first reserved confusion message is the first confusion information sent to N-1 second computing nodes in the N first confusion information;
  • the first calculation node sends the ciphertext fragments to a data requester; the data requester is used to determine a data calculation result according to the N ciphertext fragments.
  • the first computing node in the technical solution of the present invention detects a data computing request, it can start a data computing operation for generating ciphertext fragments. That is, N pieces of first obfuscation information are generated based on the private data of the first computing node, and N-1 pieces of first obfuscation information among the N pieces of first obfuscation information are sent to N-1 second computing nodes respectively.
  • the scheme can not only complete the calculation process for the data calculation request without disclosing the private data of each computing node, so as to ensure the security of the private data of each computing node, but also only needs to carry out a process between computing nodes.
  • Rounds of interaction can complete the generation process of each computing node for ciphertext fragmentation, so as to solve the problem that the technical solutions in the prior art require a large number of interaction rounds for each participant in the calculation process, and can effectively reduce the number of rounds in the determination process.
  • the network resources consumed by each computing node for data interaction can effectively improve the efficiency of secure multi-party computing.
  • the generating N pieces of first confusion information based on the private data of the first computing node includes:
  • the first computing node generates N random numbers conforming to the secure multi-party computing mechanism, and uses the N random numbers as N confusion factors;
  • the first computing node For each obfuscation factor, the first computing node generates an offset factor according to the obfuscation factor and the privacy data of the first computing node, and determines the obfuscation factor and the offset factor as a first obfuscation factor information.
  • N random numbers are generated to cover up the private data of the first computing node, so as to prevent the private data of the first computing node from being leaked, thereby ensuring the security of the private data of the first computing node sex.
  • the first obfuscation information generated by the scheme can provide support for the subsequent generation of ciphertext fragments, thereby providing support for the data requester to determine the data calculation result.
  • the first computing node generates N random numbers conforming to a secure multi-party computing mechanism, including:
  • the first computing node generates N-1 random numbers by using a random number generation algorithm on the elliptic curve number field;
  • the first computing node generates an Nth random number based on the N-1 random numbers.
  • a random number is generated by using a random number generation algorithm on the elliptic curve number field, and the private data of the first computing node is concealed based on the generated random number, so that the private data of the first computing node can be avoided is leaked, so that the security of the private data of the first computing node can be ensured.
  • the generating a ciphertext fragment for determining a data calculation result according to the first retained obfuscation message and the N-1 second obfuscation messages includes:
  • the first computing node determines a first type of sub-ciphertext fragmentation based on the first reserved obfuscation message and the N obfuscation factors in the N-1 second obfuscation messages;
  • the first computing node determines a second type of sub-ciphertext fragmentation based on the first reserved obfuscation message and the N offset factors in the N-1 second obfuscation messages;
  • the first computing node determines the third type of Sub-ciphertext fragmentation
  • the first calculation node generates ciphertext for determining data calculation results according to the first type of sub-ciphertext fragmentation, the second type of sub-ciphertext fragmentation, and the third type of sub-ciphertext fragmentation Fragmentation.
  • the first computing node can obtain the confusion factors and offset factors of the N-1 second computing nodes through one round of interaction, without requiring multiple rounds of interaction to complete the generation of ciphertext fragments. Then, based on the obfuscation factors and offset factors retained locally and the obfuscation factors and offset factors of the N-1 second computing nodes, ciphertext fragments for determining data calculation results can be generated in a timely and accurate manner. In this way, the scheme can provide support for the subsequent data requester to determine the data calculation result based on the ciphertext fragmentation in a timely manner, thereby effectively improving the efficiency of secure multi-party computation.
  • the first type of sub-ciphertext fragmentation, the second type of sub-ciphertext fragmentation or the third type of sub-ciphertext fragmentation is performed by the first calculation node according to the elliptic curve number field Generated by the number field multiplication mechanism.
  • the first calculation node determines the first type of sub-ciphertext fragmentation based on the first reserved obfuscation message and the N obfuscation factors in the N-1 second obfuscation messages, including:
  • the first calculation node generates the first type by performing number field multiplication on the first reserved confusion message and the N confusion factors in the N-1 second confusion messages on the elliptic curve number field. Sub-ciphertext fragmentation.
  • the first calculation node determines the second type of sub-ciphertext fragmentation based on the first retained obfuscation message and the N offset factors in the N-1 second obfuscation messages, including:
  • the first calculation node generates the second by performing number field multiplication on the first reserved confusion message and the N offset factors in the N-1 second confusion messages on the elliptic curve number field.
  • Class subciphertext sharding
  • the first computing node calculates N-1 aliasing factors other than the offset factor and the aliasing factor corresponding to the offset factor, Determine the third type of sub-ciphertext fragmentation, including:
  • the first calculation node uses the N-1 offset factors other than the offset factor and the confusion factor corresponding to the offset factor on the elliptic curve number field
  • the confusion factor performs a multiplication operation in the number field to generate the third type of sub-ciphertext fragments.
  • the first calculation node generates a data calculation algorithm for determining the The ciphertext fragmentation of the result, including:
  • the first calculation node performs number addition and subtraction on the first type of sub-ciphertext fragmentation, the second type of sub-ciphertext fragmentation, and the third type of sub-ciphertext fragmentation on the elliptic curve number field and multiplication operation to generate ciphertext fragments for determining data calculation results.
  • the first type of subkey can be determined in time by performing number field multiplication on the first reserved obfuscation message and the N obfuscation factors in the N-1 second obfuscation messages on the elliptic curve number field.
  • the second type of subkey can be determined in time by performing number field multiplication on the first reserved obfuscation message and the N offset factors in the N-1 second obfuscation messages on the elliptic curve number field Text fragmentation; for any offset factor in the N offset factors, by counting N-1 confusion factors other than the offset factor and the confusion factor corresponding to the offset factor on the elliptic curve number field
  • the field multiplication operation can determine the third type of sub-ciphertext fragmentation in time, so that the ciphertext fragmentation used to determine the data calculation result can be determined in time, so as to provide support for effectively improving the efficiency of secure multi-party computing. And it can ensure the security of the private data of each computing node, so as to avoid the risk of leakage of the private data of each computing node.
  • an embodiment of the present invention provides a data processing method, which is suitable for a secure multi-party computing system with N computing nodes, and the method includes:
  • the data requester generates a data calculation request for obtaining ciphertext fragments
  • the data requester sends the data calculation request to the N computing nodes respectively; when the first computing node detects the data computing request, generates N pieces of first confusion information based on the private data of the first computing node , sending N-1 first obfuscation information among the N first obfuscation information to N-1 second computing nodes, and retaining the obfuscation information according to the first and the N-1 second computing nodes
  • the generated N-1 second confusion messages generate ciphertext fragments for determining data calculation results;
  • the first computing node is any one of the N computing nodes, and the second computing node is all Any computing node except the first computing node among the N computing nodes;
  • the data requester receives the ciphertext fragments sent by the N computing nodes respectively;
  • the data requester determines the data calculation result according to the N ciphertext fragments.
  • the multiple computing nodes since the data required to calculate a certain function (such as a multiplication function) is stored in multiple computing nodes, but the multiple computing nodes will not leak their private data to the data requester, they will only Send the masked private data (that is, ciphertext fragmentation) to the data requester, so when the data requester needs to calculate the multiplication function, it needs to generate a data calculation request for obtaining the ciphertext fragmentation, and send the data
  • the calculation request is sent to the plurality of calculation nodes, so that when any calculation node in the plurality of calculation nodes detects the data request, it can start the data operation operation of generating ciphertext fragments.
  • the first computing node generates N first obfuscated information based on the private data of the first computing node, and sends N-1 first obfuscated information among the N first obfuscated information to N-1 second computing nodes respectively. node. At the same time, it will also receive the second obfuscation information generated by each of the N-1 second computing nodes, and generate a ciphertext fragment for determining the data calculation result based on the first reserved obfuscation message and the N-1 second obfuscation messages .
  • the ciphertext fragments are sent to the data requesting party, so that the data requesting party can timely and effectively determine the data calculation result according to the N ciphertext fragments.
  • the scheme can not only complete the calculation process for the data calculation request without disclosing the private data of each computing node, so as to ensure the security of the private data of each computing node, but also only requires a Round-by-round interaction can complete the generation process of each computing node for ciphertext fragmentation, which can effectively improve the efficiency of secure multi-party computing.
  • the data requester determines the data calculation result according to the N ciphertext fragments, including:
  • the data requester obtains the data result after the numerical addition by performing numerical addition on the N ciphertext fragments on the elliptic curve number field;
  • the ratio of the data result after the addition operation to N is determined as the data calculation result.
  • an embodiment of the present invention provides a data processing device, which is suitable for a secure multi-party computing system with N computing nodes, and the device includes:
  • the first generation unit is configured to generate N pieces of first obfuscation information based on the privacy data of the first computing node when a data calculation request is detected, and N-1 pieces of first obfuscation information among the N pieces of first obfuscation information
  • the information is sent to N-1 second computing nodes respectively; the first computing node is any one of the N computing nodes; the second computing node is any one of the N computing nodes except the first Any computing node other than a computing node;
  • the first processing unit is configured to receive the second obfuscation information generated by each of the N-1 second computing nodes, and generate an encryption key for determining the data calculation result according to the first reserved obfuscation message and the N-1 second obfuscation messages Text fragmentation;
  • the first reserved obfuscation message is the first obfuscation information sent to the N-1 second computing nodes in the N first obfuscation information;
  • the ciphertext fragmentation is sent to the data A requester; the data requester is used to determine the data calculation result according to the N ciphertext fragments.
  • the first generation unit is specifically configured to:
  • an offset factor is generated according to the obfuscation factor and the private data of the first computing node, and the obfuscation factor and the offset factor are determined as first obfuscation information.
  • the first generation unit is specifically configured to:
  • an Nth random number is generated.
  • the first processing unit is specifically configured to:
  • a ciphertext fragment for determining a data calculation result is generated.
  • the first type of sub-ciphertext fragmentation, the second type of sub-ciphertext fragmentation, and the third type of sub-ciphertext fragmentation are all obtained by the first computing node in the elliptic curve number field It is determined by the multiplication operation on the number field.
  • the first processing unit is specifically configured to:
  • the first type of sub-ciphertext fragment is generated by performing number-field multiplication on the first reserved obfuscation message and the N obfuscation factors in the N-1 second obfuscation messages on the elliptic curve number field.
  • the first processing unit is specifically configured to:
  • the first processing unit is specifically configured to:
  • the first processing unit is specifically configured to:
  • an embodiment of the present invention provides a data processing device, which is suitable for a secure multi-party computing system with N computing nodes, and the device includes:
  • a second generating unit configured to generate a data calculation request for obtaining ciphertext fragmentation
  • the second processing unit is configured to send the data calculation request to the N computing nodes respectively; when the first computing node detects the data computing request, generate N first computing nodes based on the private data of the first computing node Obfuscating information, sending N-1 first obfuscated information among the N first obfuscated information to N-1 second computing nodes, and retaining the obfuscated information and the N-1 second computing nodes according to the first
  • the N-1 second confusion messages generated by the computing nodes generate ciphertext fragments for determining data calculation results; the first computing node is any one of the N computing nodes, and the second computing node Be any computing node in the N computing nodes except the first computing node; receive the ciphertext fragments sent by the N computing nodes; determine the data calculation result according to the N ciphertext fragments .
  • the second processing unit is specifically configured to:
  • the data requester determines the ratio of the data result after the addition operation to N as the data calculation result.
  • an embodiment of the present invention provides a computing device, including at least one processor and at least one memory, wherein the memory stores a computer program, and when the program is executed by the processor, the processing The device executes the data processing method described in any of the first aspect or the second aspect above.
  • an embodiment of the present invention provides a computer-readable storage medium, which stores a computer program executable by a computing device, and when the program runs on the computing device, the computing device executes the above-mentioned first The data processing method described in any aspect or the second aspect.
  • FIG. 1 is a schematic diagram of a secure multi-party computing system architecture provided by an embodiment of the present invention
  • FIG. 2 is a schematic flowchart of a data processing method provided by an embodiment of the present invention.
  • FIG. 3 is a schematic structural diagram of a data processing device provided by an embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of another data processing device provided by an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of a computing device provided by an embodiment of the present invention.
  • the system architecture shown in FIG. 1 is taken as an example to describe the architecture of the secure multi-party computing system applicable to the embodiment of the present invention.
  • the architecture of the secure multi-party computing system may be a client 100 and a distributed secure multi-party computing system 200 .
  • the secure multi-party computing distributed system 200 may include at least one computing node, such as computing node 201 , computing node 202 , and computing node 203 .
  • the client 100 and at least one computing node may be connected in a wired manner, or may be connected in a wireless manner, which is not limited in this embodiment of the present invention.
  • the client 100 on the terminal device can generate a data calculation request, and send the data calculation request to each computing node in the secure multi-party computing distributed system 200 respectively.
  • any computing node in the secure multi-party computing distributed system 200 detects the data computing request, it can start the ciphertext fragment generation process for the data computing request. For example, taking the computing node 201 as an example, the computing node 201 detects After receiving the data calculation request, the ciphertext fragment generation process for the data calculation request can be started.
  • the terminal device may include, but not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, a vehicle terminal, and the like.
  • FIG. 1 is only an example, which is not limited in this embodiment of the present invention.
  • FIG. 2 exemplarily shows a flow of a data processing method provided by an embodiment of the present invention, and the flow may be executed by a data processing apparatus.
  • the data processing method in the embodiment of the present invention is applicable to a secure multi-party computing system with N computing nodes.
  • the process specifically includes:
  • step 201 the data requester generates a data calculation request for obtaining ciphertext fragments.
  • Step 202 the data requester sends the data calculation requests to the N calculation nodes respectively.
  • the data requester may be any computing node among the N computing nodes, or may be a service node independent of the N computing nodes. Exemplarily, suppose there are three computing nodes, namely, computing node A, computing node B, and computing node C.
  • computing node A as the data requester as an example, users of computing node A need to calculate a certain function (such as multiplication function), it is necessary to use the client on the terminal device to generate a data calculation request for obtaining the ciphertext fragmentation of the determined data calculation result, and then send the data calculation request to the calculation node A and the calculation node A through the client.
  • Computing requests are sent to computing node A, computing node B, and computing node C respectively.
  • computing node A suppose there are three computing nodes, namely, computing node A, computing node B, and computing node C.
  • a service node independent of these three computing nodes as the data requester as an example
  • users of the service node need to compute
  • the service interface provided by the service node (or through the client corresponding to the service node) to generate a data calculation request for obtaining the ciphertext fragmentation of the determined data calculation result
  • the service interface or the client corresponding to the service node
  • sends the data calculation request to the service node sends the data calculation request to computing node A, computing node B, and computing node C respectively.
  • Step 203 When the first computing node detects the data computing request, it generates N pieces of first obfuscation information based on the private data of the first computing node, and sends N-1 pieces of the N first obfuscation information One obfuscation information is sent to N-1 second computing nodes respectively.
  • the first calculation node when it detects a data calculation request, it generates N random numbers conforming to the secure multi-party computing mechanism, and uses the N random numbers as N confusion factors. For each confusion factor, an offset factor is generated according to the confusion factor and the privacy data of the first computing node, and the confusion factor and the offset factor corresponding to the confusion factor are determined as the first confusion information, and the Nth The N-1 pieces of first confusion information in one piece of confusion information are respectively sent to the N-1 second computing nodes.
  • the first computing node is any one of the N computing nodes; the second computing node is any computing node in the N computing nodes except the first computing node.
  • N random numbers are generated for masking the private data of the first computing node, so as to prevent the private data of the first computing node from being leaked, thereby ensuring the security of the private data of the first computing node.
  • the first obfuscation information generated by the scheme can provide support for the subsequent generation of ciphertext fragments, thereby providing support for the data requester to determine the data calculation result.
  • the first computing node when generating N random numbers conforming to the secure multi-party computing mechanism, the first computing node generates N-1 random numbers by using a random number generation algorithm on the elliptic curve number field, and at the same time based on the N-1 random numbers Number, the Nth random number can be generated.
  • a random number generation algorithm on the elliptic curve number field to generate random numbers, it is possible to prevent the offset factor generated by concealing the private data of the first computing node based on the generated random numbers from being cracked and leaking the first computing node.
  • the private data of the node can ensure the security of the private data of the first computing node.
  • computing nodes For example, suppose there are three computing nodes, namely, computing node A, computing node B, and computing node C, and computing node A owns private data a, computing node B owns private data b, and computing node C owns private data c.
  • the data requester (such as data requester D) is described as a service node independent of the three computing nodes.
  • the data requester D can correctly obtain the multiplication data without knowing the private data a, b, and c
  • (rb1, b1), (rb2, b2), and (rb3, b3) can all be determined as the first confusion information.
  • (rc1, c1), (rc2, c2), and (rc3, c3) can all be determined as the first confusion information.
  • computing node A, computing node B, and computing node C perform data interaction of the first obfuscated information.
  • computing node A, computing node B, and computing node C perform the interaction of the first obfuscation information in the first possible implementation manner, for example, computing node A sends the first obfuscation information with serial number 2, that is (ra2 , a2), send to computing node B, send the first confusion information with sequence number 3, namely (ra3, a3), to computing node C, and at the same time send the first confusion information with sequence number 1, namely (ra1, a1) , kept locally.
  • computing node B sends the first obfuscation information with serial number 1, namely (rb1, b1), to computing node A, and sends the first obfuscated information with serial number 3, namely (rb3, b3), to computing node C.
  • serial number 1 namely (rb1, b1)
  • serial number 3 namely (rb3, b3)
  • computing node C keeps the first obfuscation information whose serial number is 2, namely (rb2, b2), locally.
  • Computing node C sends the first obfuscation information with sequence number 1, namely (rc1, c1), to computing node A, and sends the first obfuscation information with sequence number 2, namely (rc2, c2), to computing node B, and at the same time Keep the first obfuscation information whose sequence number is 3, namely (rc3, c3), locally.
  • computing node A, computing node B, and computing node C perform the interaction of the first obfuscation information in the second possible implementation manner, for example, computing node A sends the first obfuscation information with the serial number 1, that is, (ra1, a1 ), send it to computing node B, send the first obfuscation information with sequence number 2, namely (ra2, a2), to computing node C, and at the same time, keep the first obfuscation information with sequence number 3, namely (ra3, a3), locally.
  • serial number 1 that is, (ra1, a1 )
  • sequence number 2 namely (ra2, a2)
  • computing node B sends the first obfuscation information with serial number 1, namely (rb1, b1), to computing node A, and sends the first obfuscated information with serial number 2, namely (rb2, b2), to computing node C.
  • sequence number 3 namely (rb3, b3)
  • Computing node C sends the first obfuscation information with sequence number 1, namely (rc1, c1), to computing node A, and sends the first obfuscation information with sequence number 3, namely (rc3, c3), to computing node B, and at the same time Keep the first obfuscation information whose sequence number is 2, namely (rc2, c2), locally.
  • sequence number 1 namely (rc1, c1)
  • sequence number 3 namely (rc3, c3
  • the technical solution provided by the embodiment of the present invention only needs to interact with three random numbers to complete the calculation operation for the multiplication function when performing data interaction.
  • the three parties are performing When the multiplication function is operated, more than four or even more random numbers need to be interacted to complete the operation for the multiplication function.
  • the technical solution provided by the embodiment of the present invention has fewer random numbers for safe three-party secure computing multiplication operations. There are also fewer rounds of interaction, so secure multi-party computation is more efficient.
  • computing node A, computing node B, and computing node C may also exchange first obfuscated information in other implementation manners, which will not be repeated here. Of course, this embodiment of the present invention does not limit it. .
  • Step 204 the first computing node receives the second confusion information generated by each of the N-1 second computing nodes, and generates a calculation result for determining the data according to the first retained confusion message and the N-1 second confusion messages ciphertext fragments.
  • the first calculation node after receiving the second obfuscation information generated by N-1 second computing nodes, the first calculation node generates the first type of sub-ciphertext fragmentation according to the number field multiplication mechanism on the elliptic curve number field, The second type of sub-ciphertext fragmentation or the third type of sub-ciphertext fragmentation. That is, by performing number-field multiplication on the first reserved obfuscation message and the N obfuscation factors in the N-1 second obfuscation messages on the elliptic curve number field, the first type of subciphertext score can be determined in a timely and accurate manner.
  • the second type of sub-ciphertext can be determined timely and accurately Fragmentation; for any offset factor in the N offset factors, the N-1 confusion factors other than the offset factor and the confusion factor corresponding to the offset factor are calculated on the elliptic curve number field
  • the multiplication operation can timely and accurately determine the third type of sub-ciphertext fragmentation.
  • the first reserved obfuscation message is the first obfuscation information among the N first obfuscation information except those sent to N-1 second computing nodes.
  • the ciphertext fragments used to determine the data calculation results can be determined in a timely manner, so as to provide support for effectively improving the efficiency of secure multi-party calculations, and can ensure the security of the private data of each calculation node, thereby avoiding the need for each calculation There is a risk of leakage of private data of nodes.
  • the implementation process of generating ciphertext fragments by the first computing node is described by taking the first possible implementation manner as an example. That is, after computing node A receives the first obfuscation information (rb1, b1) sent from computing node B and the first obfuscation information (rc1, c1) sent by computing node C, it selects the offset factor and the locally reserved
  • the offset factors in the first obfuscation information that is, a1, b1 and c1
  • can determine the first type of sub-ciphertext fragmentation by performing number field multiplication on a1, b1 and c1 on the elliptic curve number field, namely share1 a1*b1*c1.
  • computing node B selects the offset factor and locally reserved
  • Computing node C after receiving the first confusion information (ra3, a3) sent from computing node A and the first confusion information (rb3, b3) sent by computing node B, selects the offset factor and the locally reserved first
  • the implementation process of generating ciphertext fragments by the first computing node is described by taking the above second possible implementation manner as an example. That is, after computing node A receives the first obfuscation information (rb1, b1) sent from computing node B and the first obfuscation information (rc1, c1) sent by computing node C, it selects the offset factor and the locally reserved
  • the offset factors in the first obfuscation information that is, a3, b1, and c1
  • can determine the first type of sub-ciphertext fragmentation by performing number-field multiplication on a3, b1, and c1 on the elliptic curve number field, namely share1 a3*b1*c1.
  • computing node B selects the offset factor and locally reserved
  • computing node C After receiving the first obfuscation information (ra2, a2) sent by computing node A and the first obfuscation information (rb2, b2) sent by computing node B, computing node C selects the offset factor and the locally reserved first
  • Step 205 the first computing node sends the ciphertext fragment to the data requester.
  • Step 206 the data requester determines the data calculation result according to the N ciphertext fragments.
  • step 205 and step 206 after each computing node generates the ciphertext fragment, it will send the ciphertext fragment generated by it to the data requester, so that the data requestor can determine the Data calculation results. Specifically, after receiving the N ciphertext fragments, the data requester performs numerical addition operations on the N ciphertext fragments on the elliptic curve number field to obtain the data result after the numerical addition operation, and performs numerical addition operation The final data result is divided by N, and the data calculation result can be accurately calculated.
  • the above first possible implementation manner is taken as an example to describe the implementation process of each computing node sending ciphertext fragments.
  • computing node A sends the ciphertext segment SA generated by itself to data requester D
  • computing node B sends the ciphertext segment SB generated by itself to data requester D
  • computing node C sends the ciphertext segment generated by itself
  • the slice SC is sent to the data requester D.
  • the data requester D After receiving the ciphertext fragments SA, SB and SC, the data requester D performs sum operation on the ciphertext fragments SA, SB and SC on the elliptic curve number field, and compares the result of the sum operation with 3
  • the following describes an application scenario as an example.
  • three computing institutions jointly calculate the total household income as an example to describe the implementation process of the data processing method based on secure multi-party computing in the implementation of the present invention.
  • organization A has a per capita average income, such as 100,000 yuan
  • organization B has the number of household workers, such as 2 people
  • organization C has working years, such as 5 years of work, and these three organizations need to not disclose their private data Complete the household gross income for a single household or the individual household gross income for multiple households without premise.
  • institution A generates three confusion factors, namely ra1, ra2 and ra3, by using a random number generation algorithm on the elliptic curve number field, And use these three confusion factors to carry out the offset operation on the amount of 100,000 yuan respectively, and you can get three offset factors, namely a1, a2 and a3.
  • organization B generates three confusion factors, rb1, rb2 and rb3, by using a random number generation algorithm on the elliptic curve number field, and uses these three confusion factors to perform offset operations on the number of household workers and 2 persons respectively.
  • Three offset factors can be obtained, namely b1, b2 and b3.
  • Institution C uses a random number generation algorithm on the elliptic curve number field to generate three confusion factors, namely rc1, rc2, and rc3, and uses these three confusion factors to perform offset operations on the working years of 5 years respectively, to obtain three offset factors, namely c1, c2 and c3.
  • Institution A, institution B, and institution C perform data exchange of confusion factors and offset factors through the secure channel according to the above-mentioned first possible implementation manner.
  • institution A obtains three confusion factors ra1, rb1 and rc1, and three offset factors a1, b1 and c1; institution B obtains three confusion factors ra2, rb2 and rc2, and three offset factors a2 and b2 and c2; Agency C obtains three confounding factors ra3, rb3 and rc3, and three offset factors a3, b3 and c3.
  • mechanism A can generate Determine the ciphertext slice SA of the data calculation result, and send the ciphertext slice SA to the data requester; organization B generates the ciphertext slice according to the method provided by the embodiment of the present invention, by using the confusion factors ra2, rb2, rc2 And the offset factors a2, b2, c2 perform mathematical operations on the elliptic curve number field to generate the ciphertext fragment SB used to determine the data calculation result, and send the ciphertext fragment SB to the data requester; institution C According to the method of generating ciphertext fragments provided by the embodiment of the present invention, by using the confusion factors ra3, rb3, rc3 and offset factors a3, b3, c3 to perform mathematical operations on the elliptic curve number field, the data used to determine Calculate the ciphertext fragment SC of the result, and send the ciphertext fragment SC to the data requester.
  • the data requester After receiving the ciphertext fragments SA, SB and SC, the data requester performs summing operation on the ciphertext fragmentation SA, SB and SC on the elliptic curve number field, and calculates the result of the summation with 3
  • the above-mentioned embodiment shows that, because the secure multi-party calculation of the existing multiplication function operation relies on complex cryptographic protocols, the number of interaction rounds of each participant during the multiplication function operation process will be relatively large, resulting in multiple input scenarios for the multiplication function operation. The efficiency is low.
  • the first computing node in the technical solution of the present invention detects a data computing request, it can start a data computing operation for generating ciphertext fragments. That is, N pieces of first obfuscation information are generated based on the private data of the first computing node, and N-1 pieces of first obfuscation information among the N pieces of first obfuscation information are sent to N-1 second computing nodes respectively.
  • the scheme can not only complete the calculation process for the data calculation request without disclosing the private data of each computing node, so as to ensure the security of the private data of each computing node, but also only needs to carry out a process between computing nodes.
  • Rounds of interaction can complete the generation process of each computing node for ciphertext fragmentation, so as to solve the problem that the technical solutions in the prior art require a large number of interaction rounds for each participant in the calculation process, and can effectively reduce the number of rounds in the determination process.
  • the network resources consumed by each computing node for data interaction can effectively improve the efficiency of secure multi-party computing.
  • FIG. 3 exemplarily shows a data processing device provided by an embodiment of the present invention, and the device can execute the flow of the data processing method.
  • the data processing method in the embodiment of the present invention is applicable to a secure multi-party computing system with N computing nodes.
  • the device includes:
  • the first generating unit 301 is configured to generate N pieces of first obfuscation information based on the private data of the first computing node when a data calculation request is detected, and generate N-1 pieces of first obfuscation information among the N pieces of first obfuscation information.
  • the confusion information is sent to N-1 second computing nodes respectively; the first computing node is any one of the N computing nodes; the second computing node is any one of the N computing nodes except the first any computing node other than a computing node;
  • the first processing unit 302 is configured to receive the second obfuscation information generated by each of the N-1 second computing nodes, and generate information for determining a data calculation result according to the first reserved obfuscation message and the N-1 second obfuscation messages Ciphertext fragmentation; the first reserved obfuscation message is the first obfuscation information sent to the N-1 second computing nodes in the N first obfuscation information; the ciphertext fragmentation is sent to A data requester; the data requester is used to determine the data calculation result according to the N ciphertext fragments.
  • the first generating unit 301 is specifically configured to:
  • an offset factor is generated according to the obfuscation factor and the private data of the first computing node, and the obfuscation factor and the offset factor are determined as first obfuscation information.
  • the first generating unit 301 is specifically configured to:
  • an Nth random number is generated.
  • the first processing unit 302 is specifically configured to:
  • a ciphertext fragment for determining a data calculation result is generated.
  • the first type of sub-ciphertext fragmentation, the second type of sub-ciphertext fragmentation or the third type of sub-ciphertext fragmentation is performed by the first calculation node according to the elliptic curve number field Generated by the number field multiplication mechanism.
  • the first processing unit 302 is specifically configured to:
  • the first type of sub-ciphertext fragment is generated by performing number-field multiplication on the first reserved obfuscation message and the N obfuscation factors in the N-1 second obfuscation messages on the elliptic curve number field.
  • the first processing unit 302 is specifically configured to:
  • the first processing unit 302 is specifically configured to:
  • the first processing unit 302 is specifically configured to:
  • FIG. 4 exemplarily shows another data processing device provided by an embodiment of the present invention, and the device can execute the flow of the data processing method.
  • the data processing method in the embodiment of the present invention is applicable to a secure multi-party computing system with N computing nodes.
  • the device includes:
  • the second generating unit 401 is configured to generate a data calculation request for obtaining ciphertext fragments
  • the second processing unit 402 is configured to send the data calculation request to the N computing nodes respectively; when the first computing node detects the data computing request, generate Nth computing nodes based on the private data of the first computing node One obfuscation information, sending N-1 first obfuscation information among the N first obfuscation information to N-1 second computing nodes respectively, and retaining the obfuscation information according to the first and the N-1 first obfuscation information
  • the N-1 second confusion messages generated by two computing nodes generate ciphertext fragments used to determine data calculation results; the first computing node is any one of the N computing nodes, and the second computing The node is any computing node in the N computing nodes except the first computing node; receiving the ciphertext fragments sent by the N computing nodes; according to the N ciphertext fragments, determine the data calculation result.
  • the second processing unit 402 is specifically configured to:
  • the ratio of the data result after the addition operation to N is determined as the data calculation result.
  • an embodiment of the present invention also provides a computing device, as shown in FIG. 5 , including at least one processor 501 and a memory 502 connected to the at least one processor.
  • the specific connection medium between the processor 501 and the memory 502, the connection between the processor 501 and the memory 502 in FIG. 5 is taken as an example.
  • the bus can be divided into address bus, data bus, control bus and so on.
  • the memory 502 stores instructions executable by at least one processor 501, and at least one processor 501 can execute the steps included in the aforementioned data processing method by executing the instructions stored in the memory 502.
  • the processor 501 is the control center of the computing device, which can use various interfaces and lines to connect various parts of the computing device, by running or executing instructions stored in the memory 502 and calling data stored in the memory 502, thereby realizing data deal with.
  • the processor 501 may include one or more processing units, and the processor 501 may integrate an application processor and a modem processor.
  • the call processor mainly handles issuing instructions. It can be understood that the foregoing modem processor may not be integrated into the processor 501 .
  • the processor 501 and the memory 502 can be implemented on the same chip, and in some embodiments, they can also be implemented on independent chips.
  • the processor 501 can be a general processor, such as a central processing unit (CPU), a digital signal processor, an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field programmable gate array or other programmable logic devices, discrete gates or transistors Logic devices and discrete hardware components can implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present invention.
  • a general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the methods disclosed in the embodiments of the data processing method can be directly implemented by a hardware processor, or implemented by a combination of hardware and software modules in the processor.
  • the memory 502 as a non-volatile computer-readable storage medium, can be used to store non-volatile software programs, non-volatile computer-executable programs and modules.
  • Memory 502 may include at least one type of storage medium, for example, may include flash memory, hard disk, multimedia card, card memory, random access memory (Random Access Memory, RAM), static random access memory (Static Random Access Memory, SRAM), Programmable Read Only Memory (PROM), Read Only Memory (ROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Magnetic Memory, Disk , CD, etc.
  • Memory 502 is, but is not limited to, any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
  • the memory 502 in the embodiment of the present invention may also be a circuit or any other device capable of implementing a storage function, and is used for storing program instructions and/or data.
  • an embodiment of the present invention also provides a computer-readable storage medium, which stores a computer program executable by a computing device, and when the program is run on the computing device, the computing device Execute the steps of the above data processing method.
  • the embodiments of the present invention may be provided as methods, systems, or computer program products. Accordingly, the present invention can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
  • computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
  • These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instructions
  • the device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

Abstract

Embodiments of the present invention provide a data processing method. The method comprises: when a first computing node detects a data computing request, generating N pieces of first confusion information on the basis of private data of the first computing node, and respectively sending N-1 pieces of first confusion information of the N pieces of first confusion information to N-1 second computing nodes; receiving second confusion information respectively generated by the N-1 second computing nodes, and generating, according to first reserved confusion information and the N-1 pieces of second confusion information, ciphertext fragments used for determining a data computing result; and sending the ciphertext fragments to a data requester. In this way, according to the solution, a computing process for the data computing request can be completed on the premise of not leaking the private data of the computing nodes, and a generation flow of the computing nodes for the ciphertext fragments can be completed only by performing one round of interaction among the computing nodes, so that the efficiency of secure multi-party computing can be effectively improved.

Description

一种数据处理方法A data processing method
相关申请的交叉引用Cross References to Related Applications
本申请要求在2021年07月30日提交中国专利局、申请号为202110873970.2、申请名称为“一种数据处理方法”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of a Chinese patent application with application number 202110873970.2 and application title "A Data Processing Method" submitted to the China Patent Office on July 30, 2021, the entire contents of which are incorporated in this application by reference.
技术领域technical field
本发明实施例涉及金融科技(Fintech)领域,尤其涉及一种数据处理方法。Embodiments of the present invention relate to the field of financial technology (Fintech), and in particular, to a data processing method.
背景技术Background technique
随着计算机技术的发展,越来越多的技术应用在金融领域,传统金融业正在逐步向金融科技转变,但由于金融行业的安全性、实时性要求,也对技术提出的更高的要求。With the development of computer technology, more and more technologies are applied in the financial field, and the traditional financial industry is gradually transforming into financial technology. However, due to the security and real-time requirements of the financial industry, higher requirements are also placed on technology.
安全多方计算是一种在无可信第三方的情况下,通过多方共同参与,安全地完成某种协同计算。即,在一个分布式网络中,每个参与者持有自己的隐私数据,希望共同完成对某个函数的计算,但要求每个参与者除计算结果外均不能得到其他参与者的任何输入信息。基于安全多方计算的特点,开始将安全多方计算应用于金融科技领域,以便为金融企业或金融企业的客户提供更为便利的服务。Secure multi-party computing is a kind of collaborative computing that is safely completed through the participation of multiple parties without a trusted third party. That is, in a distributed network, each participant holds his own private data and hopes to jointly complete the calculation of a certain function, but requires that each participant cannot obtain any input information from other participants except the calculation result . Based on the characteristics of secure multi-party computing, secure multi-party computing has been applied to the field of financial technology in order to provide more convenient services for financial enterprises or financial enterprise customers.
现阶段,通常是通过各参与者使用通用的安全多方计算协议,基于各参与者自己的隐私数据共同计算一个函数(比如乘法函数),同时在计算该乘法函数的过程中使用多个随机数进行多轮交互来组合完成多方输入的计算流程,以此得到该乘法函数的计算结果。然而,这种处理方式由于依赖复杂的密码学协议,因此在运算过程中各参与者的交互轮数会比较多,从而导致多方输入场景下的安全多方计算的效率低。At this stage, it is usually through the use of a common secure multi-party computing protocol by each participant to jointly calculate a function (such as a multiplication function) based on the private data of each participant, and use multiple random numbers in the process of calculating the multiplication function. Multiple rounds of interaction are combined to complete the calculation process of multiple inputs, so as to obtain the calculation result of the multiplication function. However, since this processing method relies on complex cryptographic protocols, the number of interaction rounds of each participant will be relatively large during the calculation process, resulting in low efficiency of secure multi-party computing in the multi-party input scenario.
综上,目前亟需一种数据处理方法,用以有效地提高安全多方计算的效率。To sum up, there is an urgent need for a data processing method to effectively improve the efficiency of secure multi-party computation.
发明内容Contents of the invention
第一方面,本发明实施例提供了一种数据处理方法,适用于具有N个计算节点的安全多方计算系统,所述方法包括:In the first aspect, an embodiment of the present invention provides a data processing method, which is suitable for a secure multi-party computing system with N computing nodes, and the method includes:
第一计算节点在检测到数据计算请求时,基于所述第一计算节点的隐私数据生成N个第一混淆信息,并将所述N个第一混淆信息中的N-1个第一混淆信息分别发送给N-1个第二计算节点;所述第一计算节点为所述N个计算节点中的任一个;所述第二计算节点为所述N个计算节点中除所述第一计算节点以外的任一计算节点;When the first computing node detects a data computing request, it generates N pieces of first obfuscation information based on the private data of the first computing node, and sends N-1 pieces of first obfuscation information among the N pieces of first obfuscation information Send to N-1 second computing nodes respectively; the first computing node is any one of the N computing nodes; the second computing node is the N computing nodes except the first computing node Any computing node other than a node;
所述第一计算节点接收N-1个第二计算节点各自生成的第二混淆信息,并根据第一保留混淆消息以及N-1个第二混淆消息,生成用于确定数据计算结果的密文分片;所述第一保留混淆消息是所述N个第一混淆信息中除发送给N-1个第二计算节点之外的第一混淆信息;The first computing node receives the second obfuscation information generated by each of the N-1 second computing nodes, and generates a ciphertext for determining the data calculation result according to the first reserved obfuscation message and the N-1 second obfuscation messages Fragmentation; the first reserved confusion message is the first confusion information sent to N-1 second computing nodes in the N first confusion information;
所述第一计算节点将所述密文分片发送给数据请求方;所述数据请求方用于根据N个密文分片确定出数据计算结果。The first calculation node sends the ciphertext fragments to a data requester; the data requester is used to determine a data calculation result according to the N ciphertext fragments.
上述技术方案中,由于现有乘法函数运算的安全多方计算因依赖复杂的密码学协议, 因此在乘法函数运算过程中各参与者的交互轮数会比较多,导致多方输入场景下针对乘法函数运算的效率低。基于此,本发明中的技术方案中的第一计算节点在检测到数据计算请求时,即可开始生成密文分片的数据运算操作。即,基于第一计算节点的隐私数据生成N个第一混淆信息,并将N个第一混淆信息中的N-1个第一混淆信息分别发送给N-1个第二计算节点。同时,也会接收N-1个第二计算节点各自生成的第二混淆信息,并根据第一保留混淆消息以及N-1个第二混淆消息,生成用于确定数据计算结果的密文分片。然后,将密文分片发送给数据请求方,以便数据请求方能够及时有效地根据N个密文分片确定出数据计算结果。如此,该方案不仅可以在不泄露各计算节点的隐私数据的前提下能够完成针对数据计算请求的计算过程,以便确保各计算节点的隐私数据的安全性,而且只需要各计算节点之间进行一轮交互即可完成各计算节点针对密文分片的生成流程,以便解决现有技术中的技术方案在计算过程中需要各参与方的交互轮数较多的问题,并可以有效地减少在确定数据计算结果的过程中各计算节点进行数据交互所消耗的网络资源,从而可以有效地提高安全多方计算的效率。In the above technical solution, since the existing secure multi-party calculation of multiplication function operation relies on complex cryptographic protocols, the number of interaction rounds of each participant in the multiplication function operation process will be relatively large, resulting in multi-party input scenarios. The efficiency is low. Based on this, when the first computing node in the technical solution of the present invention detects a data computing request, it can start a data computing operation for generating ciphertext fragments. That is, N pieces of first obfuscation information are generated based on the private data of the first computing node, and N-1 pieces of first obfuscation information among the N pieces of first obfuscation information are sent to N-1 second computing nodes respectively. At the same time, it will also receive the second obfuscation information generated by each of the N-1 second computing nodes, and generate a ciphertext fragment for determining the data calculation result based on the first reserved obfuscation message and the N-1 second obfuscation messages . Then, the ciphertext fragments are sent to the data requesting party, so that the data requesting party can timely and effectively determine the data calculation result according to the N ciphertext fragments. In this way, the scheme can not only complete the calculation process for the data calculation request without disclosing the private data of each computing node, so as to ensure the security of the private data of each computing node, but also only needs to carry out a process between computing nodes. Rounds of interaction can complete the generation process of each computing node for ciphertext fragmentation, so as to solve the problem that the technical solutions in the prior art require a large number of interaction rounds for each participant in the calculation process, and can effectively reduce the number of rounds in the determination process. In the process of data calculation results, the network resources consumed by each computing node for data interaction can effectively improve the efficiency of secure multi-party computing.
可选地,所述基于所述第一计算节点的隐私数据生成N个第一混淆信息,包括:Optionally, the generating N pieces of first confusion information based on the private data of the first computing node includes:
所述第一计算节点生成符合安全多方计算机制的N个随机数,并将所述N个随机数作为N个混淆因子;The first computing node generates N random numbers conforming to the secure multi-party computing mechanism, and uses the N random numbers as N confusion factors;
针对每个混淆因子,所述第一计算节点根据所述混淆因子和所述第一计算节点的隐私数据,生成偏移因子,并将所述混淆因子和所述偏移因子确定为第一混淆信息。For each obfuscation factor, the first computing node generates an offset factor according to the obfuscation factor and the privacy data of the first computing node, and determines the obfuscation factor and the offset factor as a first obfuscation factor information.
上述技术方案中,通过生成N个随机数,用于对第一计算节点的隐私数据进行掩饰处理,以便避免第一计算节点的隐私数据被泄露,从而可以确保第一计算节点的隐私数据的安全性。同时,该方案所生成的第一混淆信息可以为后续生成密文分片提供支持,从而可以为数据请求方确定出数据计算结果提供支持。In the above technical solution, N random numbers are generated to cover up the private data of the first computing node, so as to prevent the private data of the first computing node from being leaked, thereby ensuring the security of the private data of the first computing node sex. At the same time, the first obfuscation information generated by the scheme can provide support for the subsequent generation of ciphertext fragments, thereby providing support for the data requester to determine the data calculation result.
可选地,所述第一计算节点生成符合安全多方计算机制的N个随机数,包括:Optionally, the first computing node generates N random numbers conforming to a secure multi-party computing mechanism, including:
所述第一计算节点通过在椭圆曲线数域上使用随机数生成算法,生成N-1个随机数;The first computing node generates N-1 random numbers by using a random number generation algorithm on the elliptic curve number field;
所述第一计算节点基于所述N-1个随机数,生成第N个随机数。The first computing node generates an Nth random number based on the N-1 random numbers.
上述技术方案中,通过在椭圆曲线数域上使用随机数生成算法来生成随机数,并基于生成的随机数对第一计算节点的隐私数据进行掩饰处理,如此可以避免第一计算节点的隐私数据被泄露,从而可以确保第一计算节点的隐私数据的安全性。In the above technical solution, a random number is generated by using a random number generation algorithm on the elliptic curve number field, and the private data of the first computing node is concealed based on the generated random number, so that the private data of the first computing node can be avoided is leaked, so that the security of the private data of the first computing node can be ensured.
可选地,所述根据第一保留混淆消息以及N-1个第二混淆消息,生成用于确定数据计算结果的密文分片,包括:Optionally, the generating a ciphertext fragment for determining a data calculation result according to the first retained obfuscation message and the N-1 second obfuscation messages includes:
所述第一计算节点基于所述第一保留混淆消息以及所述N-1个第二混淆消息中的N个混淆因子,确定第一类子密文分片;The first computing node determines a first type of sub-ciphertext fragmentation based on the first reserved obfuscation message and the N obfuscation factors in the N-1 second obfuscation messages;
所述第一计算节点基于所述第一保留混淆消息以及所述N-1个第二混淆消息中的N个偏移因子,确定第二类子密文分片;The first computing node determines a second type of sub-ciphertext fragmentation based on the first reserved obfuscation message and the N offset factors in the N-1 second obfuscation messages;
针对N个偏移因子中的任一偏移因子,所述第一计算节点根据所述偏移因子及所述偏移因子对应的混淆因子之外的N-1个混淆因子,确定第三类子密文分片;For any offset factor among the N offset factors, the first computing node determines the third type of Sub-ciphertext fragmentation;
所述第一计算节点根据所述第一类子密文分片、所述第二类子密文分片和所述第三类子密文分片,生成用于确定数据计算结果的密文分片。The first calculation node generates ciphertext for determining data calculation results according to the first type of sub-ciphertext fragmentation, the second type of sub-ciphertext fragmentation, and the third type of sub-ciphertext fragmentation Fragmentation.
上述技术方案中,第一计算节点通过一轮交互即可获取N-1个第二计算节点的混淆因子以及偏移因子,而无需多轮交互来完成针对密文分片的生成。然后,基于保留在本地的 混淆因子、偏移因子以及N-1个第二计算节点的混淆因子、偏移因子,即可及时准确地生成用于确定数据计算结果的密文分片。如此,该方案可以为后续数据请求方及时地基于密文分片确定出数据计算结果提供支持,从而可以有效地提高安全多方计算的效率。In the above technical solution, the first computing node can obtain the confusion factors and offset factors of the N-1 second computing nodes through one round of interaction, without requiring multiple rounds of interaction to complete the generation of ciphertext fragments. Then, based on the obfuscation factors and offset factors retained locally and the obfuscation factors and offset factors of the N-1 second computing nodes, ciphertext fragments for determining data calculation results can be generated in a timely and accurate manner. In this way, the scheme can provide support for the subsequent data requester to determine the data calculation result based on the ciphertext fragmentation in a timely manner, thereby effectively improving the efficiency of secure multi-party computation.
可选地,所述第一类子密文分片、所述第二类子密文分片或所述第三类子密文分片是所述第一计算节点按照椭圆曲线数域上的数域乘法机制生成的。Optionally, the first type of sub-ciphertext fragmentation, the second type of sub-ciphertext fragmentation or the third type of sub-ciphertext fragmentation is performed by the first calculation node according to the elliptic curve number field Generated by the number field multiplication mechanism.
可选地,所述第一计算节点基于所述第一保留混淆消息以及所述N-1个第二混淆消息中的N个混淆因子,确定第一类子密文分片,包括:Optionally, the first calculation node determines the first type of sub-ciphertext fragmentation based on the first reserved obfuscation message and the N obfuscation factors in the N-1 second obfuscation messages, including:
所述第一计算节点通过在椭圆曲线数域上对所述第一保留混淆消息以及所述N-1个第二混淆消息中的N个混淆因子进行数域乘法运算,生成所述第一类子密文分片。The first calculation node generates the first type by performing number field multiplication on the first reserved confusion message and the N confusion factors in the N-1 second confusion messages on the elliptic curve number field. Sub-ciphertext fragmentation.
可选地,所述第一计算节点基于所述第一保留混淆消息以及所述N-1个第二混淆消息中的N个偏移因子,确定第二类子密文分片,包括:Optionally, the first calculation node determines the second type of sub-ciphertext fragmentation based on the first retained obfuscation message and the N offset factors in the N-1 second obfuscation messages, including:
所述第一计算节点通过在椭圆曲线数域上对所述第一保留混淆消息以及所述N-1个第二混淆消息中的N个偏移因子进行数域乘法运算,生成所述第二类子密文分片。The first calculation node generates the second by performing number field multiplication on the first reserved confusion message and the N offset factors in the N-1 second confusion messages on the elliptic curve number field. Class subciphertext sharding.
可选地,针对N个偏移因子中的任一偏移因子,所述第一计算节点根据所述偏移因子及所述偏移因子对应的混淆因子之外的N-1个混淆因子,确定第三类子密文分片,包括:Optionally, for any offset factor among the N offset factors, the first computing node calculates N-1 aliasing factors other than the offset factor and the aliasing factor corresponding to the offset factor, Determine the third type of sub-ciphertext fragmentation, including:
针对N个偏移因子中的任一偏移因子,所述第一计算节点通过在椭圆曲线数域上对所述偏移因子及所述偏移因子对应的混淆因子之外的N-1个混淆因子进行数域乘法运算,生成所述第三类子密文分片。For any offset factor among the N offset factors, the first calculation node uses the N-1 offset factors other than the offset factor and the confusion factor corresponding to the offset factor on the elliptic curve number field The confusion factor performs a multiplication operation in the number field to generate the third type of sub-ciphertext fragments.
可选地,所述第一计算节点根据所述第一类子密文分片、所述第二类子密文分片和所述第三类子密文分片,生成用于确定数据计算结果的密文分片,包括:Optionally, the first calculation node generates a data calculation algorithm for determining the The ciphertext fragmentation of the result, including:
所述第一计算节点通过在椭圆曲线数域上对所述第一类子密文分片、所述第二类子密文分片以及所述第三类子密文分片进行数加减和数乘运算,生成用于确定数据计算结果的密文分片。The first calculation node performs number addition and subtraction on the first type of sub-ciphertext fragmentation, the second type of sub-ciphertext fragmentation, and the third type of sub-ciphertext fragmentation on the elliptic curve number field and multiplication operation to generate ciphertext fragments for determining data calculation results.
上述技术方案中,通过在椭圆曲线数域上对第一保留混淆消息以及N-1个第二混淆消息中的N个混淆因子进行数域乘法运算,即可及时地确定出第一类子密文分片;通过在椭圆曲线数域上对第一保留混淆消息以及N-1个第二混淆消息中的N个偏移因子进行数域乘法运算,即可及时地确定出第二类子密文分片;针对N个偏移因子中的任一偏移因子,通过在椭圆曲线数域上对该偏移因子及该偏移因子对应的混淆因子之外的N-1个混淆因子进行数域乘法运算,即可及时地确定出第三类子密文分片,从而可以及时地确定出用于确定数据计算结果的密文分片,以便为有效地提高安全多方计算的效率提供支持,并可以确保各计算节点的隐私数据的安全性,以此避免各计算节点的隐私数据存在泄漏的风险。In the above technical solution, the first type of subkey can be determined in time by performing number field multiplication on the first reserved obfuscation message and the N obfuscation factors in the N-1 second obfuscation messages on the elliptic curve number field. Text slicing; the second type of subkey can be determined in time by performing number field multiplication on the first reserved obfuscation message and the N offset factors in the N-1 second obfuscation messages on the elliptic curve number field Text fragmentation; for any offset factor in the N offset factors, by counting N-1 confusion factors other than the offset factor and the confusion factor corresponding to the offset factor on the elliptic curve number field The field multiplication operation can determine the third type of sub-ciphertext fragmentation in time, so that the ciphertext fragmentation used to determine the data calculation result can be determined in time, so as to provide support for effectively improving the efficiency of secure multi-party computing. And it can ensure the security of the private data of each computing node, so as to avoid the risk of leakage of the private data of each computing node.
第二方面,本发明实施例提供了一种数据处理方法,适用于具有N个计算节点的安全多方计算系统,所述方法包括:In a second aspect, an embodiment of the present invention provides a data processing method, which is suitable for a secure multi-party computing system with N computing nodes, and the method includes:
数据请求方生成用于获取密文分片的数据计算请求;The data requester generates a data calculation request for obtaining ciphertext fragments;
所述数据请求方将所述数据计算请求分别发送给所述N个计算节点;第一计算节点在检测到数据计算请求时,基于所述第一计算节点的隐私数据生成N个第一混淆信息,将所述N个第一混淆信息中的N-1个第一混淆信息分别发送给N-1个第二计算节点,并根据第一保留混淆消息以及所述N-1个第二计算节点生成的N-1个第二混淆消息,生成用于确定数据计算结果的密文分片;所述第一计算节点为所述N个计算节点中的任一个,所述第二计算节点为所述N个计算节点中除所述第一计算节点以外的任一计算节点;The data requester sends the data calculation request to the N computing nodes respectively; when the first computing node detects the data computing request, generates N pieces of first confusion information based on the private data of the first computing node , sending N-1 first obfuscation information among the N first obfuscation information to N-1 second computing nodes, and retaining the obfuscation information according to the first and the N-1 second computing nodes The generated N-1 second confusion messages generate ciphertext fragments for determining data calculation results; the first computing node is any one of the N computing nodes, and the second computing node is all Any computing node except the first computing node among the N computing nodes;
所述数据请求方接收所述N个计算节点各自发送的密文分片;The data requester receives the ciphertext fragments sent by the N computing nodes respectively;
所述数据请求方根据N个密文分片,确定出数据计算结果。The data requester determines the data calculation result according to the N ciphertext fragments.
上述技术方案中,由于计算某一函数(比如乘法函数)所需的各数据存储在多个计算节点中,但是该多个计算节点并不会将各自的隐私数据泄露给数据请求方,只会将经过掩饰处理的隐私数据(即密文分片)发送给数据请求方,因此数据请求方在需要计算该乘法函数时,需要生成用于获取密文分片的数据计算请求,并将该数据计算请求发送给该多个计算节点,以便该多个计算节点中任一计算节点在检测到该数据请求时,即可开始生成密文分片的数据运算操作。即,第一计算节点基于第一计算节点的隐私数据生成N个第一混淆信息,并将N个第一混淆信息中的N-1个第一混淆信息分别发送给N-1个第二计算节点。同时,也会接收N-1个第二计算节点各自生成的第二混淆信息,并根据第一保留混淆消息以及N-1个第二混淆消息,生成用于确定数据计算结果的密文分片。然后,将密文分片发送给数据请求方,以便数据请求方能够及时有效地根据N个密文分片确定出数据计算结果。如此,该方案不仅可以在不泄露各计算节点的隐私数据的前提下能够完成针对数据计算请求的计算过程,以便确保各计算节点的隐私数据的安全性,而且只需要各计算节点之间的一轮交互即可完成各计算节点针对密文分片的生成流程,从而可以有效地提高安全多方计算的效率。In the above technical solution, since the data required to calculate a certain function (such as a multiplication function) is stored in multiple computing nodes, but the multiple computing nodes will not leak their private data to the data requester, they will only Send the masked private data (that is, ciphertext fragmentation) to the data requester, so when the data requester needs to calculate the multiplication function, it needs to generate a data calculation request for obtaining the ciphertext fragmentation, and send the data The calculation request is sent to the plurality of calculation nodes, so that when any calculation node in the plurality of calculation nodes detects the data request, it can start the data operation operation of generating ciphertext fragments. That is, the first computing node generates N first obfuscated information based on the private data of the first computing node, and sends N-1 first obfuscated information among the N first obfuscated information to N-1 second computing nodes respectively. node. At the same time, it will also receive the second obfuscation information generated by each of the N-1 second computing nodes, and generate a ciphertext fragment for determining the data calculation result based on the first reserved obfuscation message and the N-1 second obfuscation messages . Then, the ciphertext fragments are sent to the data requesting party, so that the data requesting party can timely and effectively determine the data calculation result according to the N ciphertext fragments. In this way, the scheme can not only complete the calculation process for the data calculation request without disclosing the private data of each computing node, so as to ensure the security of the private data of each computing node, but also only requires a Round-by-round interaction can complete the generation process of each computing node for ciphertext fragmentation, which can effectively improve the efficiency of secure multi-party computing.
可选地,所述数据请求方根据N个密文分片,确定出数据计算结果,包括:Optionally, the data requester determines the data calculation result according to the N ciphertext fragments, including:
所述数据请求方通过在椭圆曲线数域上对所述N个密文分片进行数加运算,得到数加运算后的数据结果;The data requester obtains the data result after the numerical addition by performing numerical addition on the N ciphertext fragments on the elliptic curve number field;
将所述数加运算后的数据结果与N的比值,确定为所述数据计算结果。The ratio of the data result after the addition operation to N is determined as the data calculation result.
上述技术方案中,通过在椭圆曲线数域上对N个密文分片进行数加运算,得到数加运算后的数据结果,并将该数加运算后的数据结果与N进行除法运算,即可准确地计算出数据计算结果。In the above technical solution, by performing numerical addition on N ciphertext slices on the elliptic curve number field, the data result after the numerical addition is obtained, and the data result after the numerical addition is divided by N, that is Data calculation results can be accurately calculated.
第三方面,本发明实施例提供了一种数据处理装置,适用于具有N个计算节点的安全多方计算系统,所述装置包括:In a third aspect, an embodiment of the present invention provides a data processing device, which is suitable for a secure multi-party computing system with N computing nodes, and the device includes:
第一生成单元,用于在检测到数据计算请求时,基于第一计算节点的隐私数据生成N个第一混淆信息,并将所述N个第一混淆信息中的N-1个第一混淆信息分别发送给N-1个第二计算节点;所述第一计算节点为所述N个计算节点中的任一个;所述第二计算节点为所述N个计算节点中除所述第一计算节点以外的任一计算节点;The first generation unit is configured to generate N pieces of first obfuscation information based on the privacy data of the first computing node when a data calculation request is detected, and N-1 pieces of first obfuscation information among the N pieces of first obfuscation information The information is sent to N-1 second computing nodes respectively; the first computing node is any one of the N computing nodes; the second computing node is any one of the N computing nodes except the first Any computing node other than a computing node;
第一处理单元,用于接收N-1个第二计算节点各自生成的第二混淆信息,并根据第一保留混淆消息以及N-1个第二混淆消息,生成用于确定数据计算结果的密文分片;所述第一保留混淆消息是所述N个第一混淆信息中除发送给N-1个第二计算节点之外的第一混淆信息;将所述密文分片发送给数据请求方;所述数据请求方用于根据N个密文分片确定出数据计算结果。The first processing unit is configured to receive the second obfuscation information generated by each of the N-1 second computing nodes, and generate an encryption key for determining the data calculation result according to the first reserved obfuscation message and the N-1 second obfuscation messages Text fragmentation; the first reserved obfuscation message is the first obfuscation information sent to the N-1 second computing nodes in the N first obfuscation information; the ciphertext fragmentation is sent to the data A requester; the data requester is used to determine the data calculation result according to the N ciphertext fragments.
可选地,所述第一生成单元具体用于:Optionally, the first generation unit is specifically configured to:
生成符合安全多方计算机制的N个随机数,并将所述N个随机数作为N个混淆因子;Generate N random numbers conforming to the secure multi-party computing mechanism, and use the N random numbers as N confusion factors;
针对每个混淆因子,根据所述混淆因子和所述第一计算节点的隐私数据,生成偏移因子,并将所述混淆因子和所述偏移因子确定为第一混淆信息。For each obfuscation factor, an offset factor is generated according to the obfuscation factor and the private data of the first computing node, and the obfuscation factor and the offset factor are determined as first obfuscation information.
可选地,所述第一生成单元具体用于:Optionally, the first generation unit is specifically configured to:
通过在椭圆曲线数域上使用随机数生成算法,生成N-1个随机数;Generate N-1 random numbers by using a random number generation algorithm on the elliptic curve number field;
基于所述N-1个随机数,生成第N个随机数。Based on the N-1 random numbers, an Nth random number is generated.
可选地,所述第一处理单元具体用于:Optionally, the first processing unit is specifically configured to:
基于所述第一保留混淆消息以及所述N-1个第二混淆消息中的N个混淆因子,确定第一类子密文分片;Based on the first reserved obfuscation message and the N obfuscation factors in the N-1 second obfuscation messages, determine a first type of sub-ciphertext fragmentation;
基于所述第一保留混淆消息以及所述N-1个第二混淆消息中的N个偏移因子,确定第二类子密文分片;Based on the first reserved obfuscation message and the N offset factors in the N-1 second obfuscation messages, determine a second type of sub-ciphertext fragmentation;
针对N个偏移因子中的任一偏移因子,根据所述偏移因子及所述偏移因子对应的混淆因子之外的N-1个混淆因子,确定第三类子密文分片;For any offset factor in the N offset factors, determine the third type of sub-ciphertext fragmentation according to the offset factor and the N-1 confusion factors other than the confusion factor corresponding to the offset factor;
根据所述第一类子密文分片、所述第二类子密文分片和所述第三类子密文分片,生成用于确定数据计算结果的密文分片。According to the first type of sub-ciphertext fragments, the second type of sub-ciphertext fragments and the third type of sub-ciphertext fragments, a ciphertext fragment for determining a data calculation result is generated.
可选地,所述第一类子密文分片、所述第二类子密文分片以及所述第三类子密文分片均是所述第一计算节点通过在椭圆曲线数域上进行数域乘法运算确定的。Optionally, the first type of sub-ciphertext fragmentation, the second type of sub-ciphertext fragmentation, and the third type of sub-ciphertext fragmentation are all obtained by the first computing node in the elliptic curve number field It is determined by the multiplication operation on the number field.
可选地,所述第一处理单元具体用于:Optionally, the first processing unit is specifically configured to:
通过在椭圆曲线数域上对所述第一保留混淆消息以及所述N-1个第二混淆消息中的N个混淆因子进行数域乘法运算,生成所述第一类子密文分片。The first type of sub-ciphertext fragment is generated by performing number-field multiplication on the first reserved obfuscation message and the N obfuscation factors in the N-1 second obfuscation messages on the elliptic curve number field.
可选地,所述第一处理单元具体用于:Optionally, the first processing unit is specifically configured to:
通过在椭圆曲线数域上对所述第一保留混淆消息以及所述N-1个第二混淆消息中的N个偏移因子进行数域乘法运算,生成所述第二类子密文分片。Generate the second type of sub-ciphertext fragmentation by performing number field multiplication on the first reserved obfuscation message and the N offset factors in the N-1 second obfuscation messages on the elliptic curve number field .
可选地,所述第一处理单元具体用于:Optionally, the first processing unit is specifically configured to:
针对N个偏移因子中的任一偏移因子,通过在椭圆曲线数域上对所述偏移因子及所述偏移因子对应的混淆因子之外的N-1个混淆因子进行数域乘法运算,生成所述第三类子密文分片。For any offset factor in the N offset factors, perform number field multiplication on the N-1 confusion factors other than the offset factor and the confusion factor corresponding to the offset factor on the elliptic curve number field operation to generate the third type of sub-ciphertext fragments.
可选地,所述第一处理单元具体用于:Optionally, the first processing unit is specifically configured to:
通过在椭圆曲线数域上对所述第一类子密文分片、所述第二类子密文分片以及所述第三类子密文分片进行数加减和数乘运算,生成用于确定数据计算结果的密文分片。By performing number addition, subtraction and multiplication operations on the first type of sub-ciphertext fragmentation, the second type of sub-ciphertext fragmentation, and the third type of sub-ciphertext fragmentation on the elliptic curve number field, generate The ciphertext fragment used to determine the result of data calculation.
第四方面,本发明实施例提供了一种数据处理装置,适用于具有N个计算节点的安全多方计算系统,所述装置包括:In a fourth aspect, an embodiment of the present invention provides a data processing device, which is suitable for a secure multi-party computing system with N computing nodes, and the device includes:
第二生成单元,用于生成用于获取密文分片的数据计算请求;a second generating unit, configured to generate a data calculation request for obtaining ciphertext fragmentation;
第二处理单元,用于将所述数据计算请求分别发送给所述N个计算节点;第一计算节点在检测到数据计算请求时,基于所述第一计算节点的隐私数据生成N个第一混淆信息,将所述N个第一混淆信息中的N-1个第一混淆信息分别发送给N-1个第二计算节点,并根据第一保留混淆消息以及所述N-1个第二计算节点生成的N-1个第二混淆消息,生成用于确定数据计算结果的密文分片;所述第一计算节点为所述N个计算节点中的任一个,所述第二计算节点为所述N个计算节点中除所述第一计算节点以外的任一计算节点;接收所述N个计算节点各自发送的密文分片;根据N个密文分片,确定出数据计算结果。The second processing unit is configured to send the data calculation request to the N computing nodes respectively; when the first computing node detects the data computing request, generate N first computing nodes based on the private data of the first computing node Obfuscating information, sending N-1 first obfuscated information among the N first obfuscated information to N-1 second computing nodes, and retaining the obfuscated information and the N-1 second computing nodes according to the first The N-1 second confusion messages generated by the computing nodes generate ciphertext fragments for determining data calculation results; the first computing node is any one of the N computing nodes, and the second computing node Be any computing node in the N computing nodes except the first computing node; receive the ciphertext fragments sent by the N computing nodes; determine the data calculation result according to the N ciphertext fragments .
可选地,所述第二处理单元具体用于:Optionally, the second processing unit is specifically configured to:
通过在椭圆曲线数域上对所述N个密文分片进行数加运算,得到数加运算后的数据结果;By performing numerical addition on the N ciphertext fragments on the elliptic curve number field, a data result after the numerical addition is obtained;
所述数据请求方将所述数加运算后的数据结果与N的比值,确定为所述数据计算结果。The data requester determines the ratio of the data result after the addition operation to N as the data calculation result.
第五方面,本发明实施例提供一种计算设备,包括至少一个处理器以及至少一个存储 器,其中,所述存储器存储有计算机程序,当所述程序被所述处理器执行时,使得所述处理器执行上述第一方面或第二方面任意所述的数据处理方法。In a fifth aspect, an embodiment of the present invention provides a computing device, including at least one processor and at least one memory, wherein the memory stores a computer program, and when the program is executed by the processor, the processing The device executes the data processing method described in any of the first aspect or the second aspect above.
第六方面,本发明实施例提供一种计算机可读存储介质,其存储有可由计算设备执行的计算机程序,当所述程序在所述计算设备上运行时,使得所述计算设备执行上述第一方面或第二方面任意所述的数据处理方法。In a sixth aspect, an embodiment of the present invention provides a computer-readable storage medium, which stores a computer program executable by a computing device, and when the program runs on the computing device, the computing device executes the above-mentioned first The data processing method described in any aspect or the second aspect.
附图说明Description of drawings
为了更清楚地说明本发明实施例中的技术方案,下面将对实施例描述中所需要使用的附图作简要介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域的普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings that need to be used in the description of the embodiments will be briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present invention. For Those of ordinary skill in the art can also obtain other drawings based on these drawings without making creative efforts.
图1为本发明实施例提供的一种安全多方计算系统架构的示意图;FIG. 1 is a schematic diagram of a secure multi-party computing system architecture provided by an embodiment of the present invention;
图2为本发明实施例提供的一种数据处理方法的流程示意图;FIG. 2 is a schematic flowchart of a data processing method provided by an embodiment of the present invention;
图3为本发明实施例提供的一种数据处理装置的结构示意图;FIG. 3 is a schematic structural diagram of a data processing device provided by an embodiment of the present invention;
图4为本发明实施例提供的另一种数据处理装置的结构示意图;FIG. 4 is a schematic structural diagram of another data processing device provided by an embodiment of the present invention;
图5为本发明实施例提供的一种计算设备的结构示意图。FIG. 5 is a schematic structural diagram of a computing device provided by an embodiment of the present invention.
具体实施方式Detailed ways
为了使本发明的目的、技术方案和优点更加清楚,下面将结合附图对本发明作进一步地详细描述,显然,所描述的实施例仅仅是本发明的一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其它实施例,都属于本发明保护的范围。In order to make the purpose, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, rather than all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.
为了便于理解本发明实施例,首先以图1中示出的系统架构为例说明适用于本发明实施例的安全多方计算系统架构。如图1所示,该安全多方计算系统架构可以为客户端100和安全多方计算分布式系统200。其中,安全多方计算分布式系统200可以包括至少一个计算节点,比如计算节点201、计算节点202和计算节点203等。其中,客户端100和至少一个计算节点可以通过有线方式进行通信连接,或者可以通过无线方式进行通信连接,本发明实施例对此并不作限定。In order to facilitate the understanding of the embodiment of the present invention, first, the system architecture shown in FIG. 1 is taken as an example to describe the architecture of the secure multi-party computing system applicable to the embodiment of the present invention. As shown in FIG. 1 , the architecture of the secure multi-party computing system may be a client 100 and a distributed secure multi-party computing system 200 . Wherein, the secure multi-party computing distributed system 200 may include at least one computing node, such as computing node 201 , computing node 202 , and computing node 203 . Wherein, the client 100 and at least one computing node may be connected in a wired manner, or may be connected in a wireless manner, which is not limited in this embodiment of the present invention.
其中,数据请求方需要针对某一函数进行计算时,可以通过终端设备上的客户端100生成数据计算请求,并将该数据计算请求分别发送给安全多方计算分布式系统200中的各计算节点。安全多方计算分布式系统200中的任一计算节点在检测该数据计算请求时,即可开始针对该数据计算请求的密文分片生成流程,比如以计算节点201为例,计算节点201在检测到该数据计算请求后,即可开始针对该数据计算请求的密文分片生成流程。安全多方计算分布式系统200中的各计算节点在生成各自的密文分片后会将各自的密文分片分别发送给数据请求方,以便数据请求方基于各计算节点生成的密文分片计算出数据计算结果。其中,终端设备可以包括但不限于智能手机、平板电脑、笔记本电脑、台式电脑、车载终端等。Wherein, when the data requester needs to calculate a certain function, the client 100 on the terminal device can generate a data calculation request, and send the data calculation request to each computing node in the secure multi-party computing distributed system 200 respectively. When any computing node in the secure multi-party computing distributed system 200 detects the data computing request, it can start the ciphertext fragment generation process for the data computing request. For example, taking the computing node 201 as an example, the computing node 201 detects After receiving the data calculation request, the ciphertext fragment generation process for the data calculation request can be started. After the computing nodes in the secure multi-party computing distributed system 200 generate their own ciphertext fragments, they will send their respective ciphertext fragments to the data requesting party, so that the data requesting party can Calculate the data calculation results. Wherein, the terminal device may include, but not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, a vehicle terminal, and the like.
需要说明的是,上述图1所示的结构仅是一种示例,本发明实施例对此不做限定。It should be noted that the above structure shown in FIG. 1 is only an example, which is not limited in this embodiment of the present invention.
基于上述描述,图2示例性的示出了本发明实施例提供的一种数据处理方法的流程, 该流程可以由数据处理装置执行。其中,本发明实施例中的数据处理方法适用于具有N个计算节点的安全多方计算系统。Based on the above description, FIG. 2 exemplarily shows a flow of a data processing method provided by an embodiment of the present invention, and the flow may be executed by a data processing apparatus. Wherein, the data processing method in the embodiment of the present invention is applicable to a secure multi-party computing system with N computing nodes.
如图2所示,该流程具体包括:As shown in Figure 2, the process specifically includes:
步骤201,数据请求方生成用于获取密文分片的数据计算请求。In step 201, the data requester generates a data calculation request for obtaining ciphertext fragments.
步骤202,所述数据请求方分别发送所述数据计算请求给所述N个计算节点。Step 202, the data requester sends the data calculation requests to the N calculation nodes respectively.
上述步骤201和步骤202中,由于计算某一函数所需的各数据分布在多个计算节点中,但是该多个计算节点并不会将各自的隐私数据泄露给数据请求方,因此数据请求方在需要计算该乘法函数时,需要生成用于获取密文分片的数据计算请求,并将该数据计算请求发送给该多个计算节点。其中,数据请求方可以是N个计算节点中的任一计算节点,也可以是独立于N个计算节点以外的服务节点。示例性地,假设有3个计算节点,即计算节点A、计算节点B和计算节点C,以计算节点A为数据请求方为例,该计算节点A的用户在需要计算某一函数(比如乘法函数)时,就需要通过终端设备上的客户端生成用于获取确定数据计算结果的密文分片的数据计算请求,然后,通过该客户端将该数据计算请求分别发送给计算节点A、计算节点B和计算节点C;或者,该计算节点A的用户直接通过计算节点A提供的服务界面生成用于获取确定数据计算结果的密文分片的数据计算请求,并通过该服务界面将该数据计算请求分别发送给计算节点A、计算节点B和计算节点C。或者,假设有3个计算节点,即计算节点A、计算节点B和计算节点C,以独立于这三个计算节点之外的服务节点为数据请求方为例,该服务节点的用户在需要计算某一函数时,就需要通过该服务节点提供的服务界面(或者通过该服务节点对应的客户端)生成用于获取确定数据计算结果的密文分片的数据计算请求,然后,通过服务界面(或该服务节点对应的客户端)将该数据计算请求发送给该服务节点,该服务节点将该数据计算请求分别发送给计算节点A、计算节点B和计算节点C。In the above step 201 and step 202, since the data required to calculate a certain function are distributed in multiple computing nodes, but the multiple computing nodes will not leak their private data to the data requester, so the data requester When the multiplication function needs to be calculated, a data calculation request for obtaining ciphertext fragments needs to be generated, and the data calculation request is sent to the plurality of calculation nodes. Wherein, the data requester may be any computing node among the N computing nodes, or may be a service node independent of the N computing nodes. Exemplarily, suppose there are three computing nodes, namely, computing node A, computing node B, and computing node C. Taking computing node A as the data requester as an example, users of computing node A need to calculate a certain function (such as multiplication function), it is necessary to use the client on the terminal device to generate a data calculation request for obtaining the ciphertext fragmentation of the determined data calculation result, and then send the data calculation request to the calculation node A and the calculation node A through the client. Node B and computing node C; or, the user of the computing node A directly generates a data calculation request for obtaining the ciphertext fragmentation of the determined data calculation result through the service interface provided by the computing node A, and passes the data through the service interface Computing requests are sent to computing node A, computing node B, and computing node C respectively. Or, suppose there are three computing nodes, namely, computing node A, computing node B, and computing node C. Taking a service node independent of these three computing nodes as the data requester as an example, users of the service node need to compute For a certain function, it is necessary to use the service interface provided by the service node (or through the client corresponding to the service node) to generate a data calculation request for obtaining the ciphertext fragmentation of the determined data calculation result, and then, through the service interface ( or the client corresponding to the service node) sends the data calculation request to the service node, and the service node sends the data calculation request to computing node A, computing node B, and computing node C respectively.
步骤203,第一计算节点在检测到数据计算请求时,基于所述第一计算节点的隐私数据生成N个第一混淆信息,并将所述N个第一混淆信息中的N-1个第一混淆信息分别发送给N-1个第二计算节点。Step 203: When the first computing node detects the data computing request, it generates N pieces of first obfuscation information based on the private data of the first computing node, and sends N-1 pieces of the N first obfuscation information One obfuscation information is sent to N-1 second computing nodes respectively.
本发明实施例中,第一计算节点在检测到数据计算请求时,生成符合安全多方计算机制的N个随机数,并将该N个随机数作为N个混淆因子。针对每个混淆因子,根据该混淆因子以及第一计算节点的隐私数据,生成偏移因子,并将该混淆因子以及该混淆因子对应的偏移因子确定为第一混淆信息,并将N个第一混淆信息中的N-1个第一混淆信息分别发送给N-1个第二计算节点。其中,第一计算节点为N个计算节点中的任一个;第二计算节点为N个计算节点中除该第一计算节点以外的任一计算节点。如此,通过生成N个随机数,用于对第一计算节点的隐私数据进行掩饰处理,以便避免第一计算节点的隐私数据被泄露,从而可以确保第一计算节点的隐私数据的安全性。同时,该方案所生成的第一混淆信息可以为后续生成密文分片提供支持,从而可以为数据请求方确定出数据计算结果提供支持。In the embodiment of the present invention, when the first calculation node detects a data calculation request, it generates N random numbers conforming to the secure multi-party computing mechanism, and uses the N random numbers as N confusion factors. For each confusion factor, an offset factor is generated according to the confusion factor and the privacy data of the first computing node, and the confusion factor and the offset factor corresponding to the confusion factor are determined as the first confusion information, and the Nth The N-1 pieces of first confusion information in one piece of confusion information are respectively sent to the N-1 second computing nodes. Wherein, the first computing node is any one of the N computing nodes; the second computing node is any computing node in the N computing nodes except the first computing node. In this way, N random numbers are generated for masking the private data of the first computing node, so as to prevent the private data of the first computing node from being leaked, thereby ensuring the security of the private data of the first computing node. At the same time, the first obfuscation information generated by the scheme can provide support for the subsequent generation of ciphertext fragments, thereby providing support for the data requester to determine the data calculation result.
具体地,在生成符合安全多方计算机制的N个随机数时,第一计算节点通过在椭圆曲线数域上使用随机数生成算法,生成N-1个随机数,同时基于该N-1个随机数,可以生成第N个随机数。如此,通过在椭圆曲线数域上使用随机数生成算法来生成随机数,可以避免基于生成的随机数对第一计算节点的隐私数据进行掩饰处理所生成的偏移因子被破解而泄露第一计算节点的隐私数据,从而可以确保第一计算节点的隐私数据的安全性。Specifically, when generating N random numbers conforming to the secure multi-party computing mechanism, the first computing node generates N-1 random numbers by using a random number generation algorithm on the elliptic curve number field, and at the same time based on the N-1 random numbers Number, the Nth random number can be generated. In this way, by using a random number generation algorithm on the elliptic curve number field to generate random numbers, it is possible to prevent the offset factor generated by concealing the private data of the first computing node based on the generated random numbers from being cracked and leaking the first computing node. The private data of the node can ensure the security of the private data of the first computing node.
示例性地,假设有3个计算节点,即计算节点A、计算节点B和计算节点C,且计算节点A拥有隐私数据a,计算节点B拥有隐私数据b,计算节点C拥有隐私数据c。同时,以独立于这三个计算节点之外的服务节点为数据请求方(比如数据请求方D)进行描述,数据请求方D在无法获知隐私数据a、b、c的前提下可以正确获得乘法函数的计算结果,即d=a*b*c。也即是,通过计算节点A、计算节点B和计算节点C在不泄露隐私数据a、b、c的前提下,联合计算确定出最终的乘法函数的计算结果,即d=F_mul(a,b,c)=a*b*c。计算节点A在检测到数据请求方D的数据计算请求时,通过在椭圆曲线数域上使用随机数生成算法,生成256位随机数ra1、ra2,并计算出ra3=-(ra1+ra2)。然后,将ra1、ra2和ra3作为三方安全计算中计算节点A的三个混淆因子,并使用这三个混淆因子对计算节点A的隐私数据a进行偏移运算处理,即可计算节点A的三个偏移因子,即a1=a+ra1,a2=a+ra2,a3=a+ra3。如此,将(ra1,a1)、(ra2,a2)、(ra3,a3)均可确定为第一混淆信息。同理,计算节点B在检测到数据请求方D的数据计算请求时,也可以通过在椭圆曲线数域上使用随机数生成算法,生成256位随机数rb1、rb2,并计算出rb3=-(rb1+rb2)。然后,将rb1、rb2和rb3作为三方安全计算中计算节点B的三个混淆因子,并使用这三个混淆因子对计算节点B的隐私数据b进行偏移运算处理,即可计算节点B的三个偏移因子,即b1=b+rb1,b2=b+rb2,b3=b+rb3。如此,将(rb1,b1)、(rb2,b2)、(rb3,b3)均可确定为第一混淆信息。计算节点C在检测到数据请求方D的数据计算请求时,也可以通过在椭圆曲线数域上使用随机数生成算法,生成256位随机数rc1、rc2,并计算出rc3=-(rc1+rc2)。然后,将rc1、rc2和rc3作为三方安全计算中计算节点C的三个混淆因子,并使用这三个混淆因子对计算节点C的隐私数据c进行偏移运算处理,即可计算节点C的三个偏移因子,即c1=c+rc1,c2=c+rc2,c3=c+rc3。如此,将(rc1,c1)、(rc2,c2)、(rc3,c3)均可确定为第一混淆信息。For example, suppose there are three computing nodes, namely, computing node A, computing node B, and computing node C, and computing node A owns private data a, computing node B owns private data b, and computing node C owns private data c. At the same time, the data requester (such as data requester D) is described as a service node independent of the three computing nodes. The data requester D can correctly obtain the multiplication data without knowing the private data a, b, and c The calculation result of the function, that is, d=a*b*c. That is to say, through calculation node A, calculation node B and calculation node C, on the premise of not disclosing private data a, b, c, the joint calculation determines the final calculation result of the multiplication function, that is, d=F_mul(a,b ,c)=a*b*c. When the calculation node A detects the data calculation request from the data requester D, it generates 256-bit random numbers ra1 and ra2 by using a random number generation algorithm on the elliptic curve number field, and calculates ra3=-(ra1+ra2). Then, take ra1, ra2, and ra3 as the three confusion factors of computing node A in the three-party secure computing, and use these three confusion factors to perform offset operation processing on the private data a of computing node A, and then calculate the three-way confusion factor of node A. offset factors, namely a1=a+ra1, a2=a+ra2, a3=a+ra3. In this way, (ra1, a1), (ra2, a2), and (ra3, a3) can all be determined as the first confusion information. Similarly, when the calculation node B detects the data calculation request from the data requester D, it can also generate 256-bit random numbers rb1 and rb2 by using a random number generation algorithm on the elliptic curve number field, and calculate rb3=-( rb1+rb2). Then, take rb1, rb2, and rb3 as the three confusion factors of computing node B in the three-party secure computing, and use these three confusion factors to perform offset operation on the private data b of computing node B, and then calculate the three-way confusion factors of node B. offset factors, namely b1=b+rb1, b2=b+rb2, b3=b+rb3. In this way, (rb1, b1), (rb2, b2), and (rb3, b3) can all be determined as the first confusion information. When the calculation node C detects the data calculation request from the data requester D, it can also use the random number generation algorithm on the elliptic curve number field to generate 256-bit random numbers rc1 and rc2, and calculate rc3=-(rc1+rc2 ). Then, take rc1, rc2 and rc3 as the three confusion factors of computing node C in the three-party secure computing, and use these three confusion factors to perform offset operation processing on the private data c of computing node C, then the three-way confusion factor of node C can be calculated offset factors, namely c1=c+rc1, c2=c+rc2, c3=c+rc3. In this way, (rc1, c1), (rc2, c2), and (rc3, c3) can all be determined as the first confusion information.
然后,计算节点A、计算节点B以及计算节点C进行第一混淆信息的数据交互。示例性地,计算节点A、计算节点B以及计算节点C之间以第一种可能的实现方式进行第一混淆信息的交互,比如计算节点A将序号为2的第一混淆信息,即(ra2,a2),发送给计算节点B,将序号为3的第一混淆信息,即(ra3,a3),发送给计算节点C,同时将序号为1的第一混淆信息,即(ra1,a1),保留在本地。同理,计算节点B将序号为1的第一混淆信息,即(rb1,b1),发送给计算节点A,将序号为3的第一混淆信息,即(rb3,b3),发送给计算节点C,同时将序号为2的第一混淆信息,即(rb2,b2),保留在本地。计算节点C将序号为1的第一混淆信息,即(rc1,c1),发送给计算节点A,将序号为2的第一混淆信息,即(rc2,c2),发送给计算节点B,同时将序号为3的第一混淆信息,即(rc3,c3),保留在本地。Then, computing node A, computing node B, and computing node C perform data interaction of the first obfuscated information. Exemplarily, computing node A, computing node B, and computing node C perform the interaction of the first obfuscation information in the first possible implementation manner, for example, computing node A sends the first obfuscation information with serial number 2, that is (ra2 , a2), send to computing node B, send the first confusion information with sequence number 3, namely (ra3, a3), to computing node C, and at the same time send the first confusion information with sequence number 1, namely (ra1, a1) , kept locally. Similarly, computing node B sends the first obfuscation information with serial number 1, namely (rb1, b1), to computing node A, and sends the first obfuscated information with serial number 3, namely (rb3, b3), to computing node C. At the same time, keep the first obfuscation information whose serial number is 2, namely (rb2, b2), locally. Computing node C sends the first obfuscation information with sequence number 1, namely (rc1, c1), to computing node A, and sends the first obfuscation information with sequence number 2, namely (rc2, c2), to computing node B, and at the same time Keep the first obfuscation information whose sequence number is 3, namely (rc3, c3), locally.
或者,计算节点A、计算节点B以及计算节点C之间以第二种可能的实现方式进行第一混淆信息的交互,比如计算节点A将序号为1的第一混淆信息,即(ra1,a1),发送给计算节点B,将序号为2的第一混淆信息,即(ra2,a2),发送给计算节点C,同时将序号为3的第一混淆信息,即(ra3,a3),保留在本地。同理,计算节点B将序号为1的第一混淆信息,即(rb1,b1),发送给计算节点A,将序号为2的第一混淆信息,即(rb2,b2),发送给计算节点C,同时将序号为3的第一混淆信息,即(rb3,b3),保留在本地。计算节点C将序号为1的第一混淆信息,即(rc1,c1),发送给计算节点A,将序号为3的第一混淆信息,即(rc3,c3),发送给计算节点B,同时将序号为2的第一混淆信息,即(rc2,c2),保留在本地。基于此,针对三方安全计算乘法函数时,本发明实施例提供的技术方案在进行数据交互时只需要交互三个随机数即可完成针对该乘法函数的运算操作,但是现有技术中三方在进行乘法函数 运算操作时需要交互四个以上甚至更多的随机数才能完成针对该乘法函数的运算操作,如此,本发明实施例提供的技术方案针对安全三方安全计算乘法操作交互的随机数更少,交互的轮数也更少,因此安全多方计算的效率更高。需要说明的是,计算节点A、计算节点B和计算节点C之间也可以按照其它的实现方式进行交互第一混淆信息,在此不再赘述,当然,本发明实施例对此也并不作限定。Alternatively, computing node A, computing node B, and computing node C perform the interaction of the first obfuscation information in the second possible implementation manner, for example, computing node A sends the first obfuscation information with the serial number 1, that is, (ra1, a1 ), send it to computing node B, send the first obfuscation information with sequence number 2, namely (ra2, a2), to computing node C, and at the same time, keep the first obfuscation information with sequence number 3, namely (ra3, a3), locally. Similarly, computing node B sends the first obfuscation information with serial number 1, namely (rb1, b1), to computing node A, and sends the first obfuscated information with serial number 2, namely (rb2, b2), to computing node C. At the same time, keep the first obfuscation information with sequence number 3, namely (rb3, b3), locally. Computing node C sends the first obfuscation information with sequence number 1, namely (rc1, c1), to computing node A, and sends the first obfuscation information with sequence number 3, namely (rc3, c3), to computing node B, and at the same time Keep the first obfuscation information whose sequence number is 2, namely (rc2, c2), locally. Based on this, when the multiplication function is safely calculated by the three parties, the technical solution provided by the embodiment of the present invention only needs to interact with three random numbers to complete the calculation operation for the multiplication function when performing data interaction. However, in the prior art, the three parties are performing When the multiplication function is operated, more than four or even more random numbers need to be interacted to complete the operation for the multiplication function. In this way, the technical solution provided by the embodiment of the present invention has fewer random numbers for safe three-party secure computing multiplication operations. There are also fewer rounds of interaction, so secure multi-party computation is more efficient. It should be noted that computing node A, computing node B, and computing node C may also exchange first obfuscated information in other implementation manners, which will not be repeated here. Of course, this embodiment of the present invention does not limit it. .
步骤204,所述第一计算节点接收N-1个第二计算节点各自生成的第二混淆信息,并根据第一保留混淆消息以及N-1个第二混淆消息,生成用于确定数据计算结果的密文分片。 Step 204, the first computing node receives the second confusion information generated by each of the N-1 second computing nodes, and generates a calculation result for determining the data according to the first retained confusion message and the N-1 second confusion messages ciphertext fragments.
本发明实施例中,第一计算节点在接收来自N-1个第二计算节点生成的第二混淆信息后,按照椭圆曲线数域上的数域乘法机制生成第一类子密文分片、第二类子密文分片或第三类子密文分片。即,通过在椭圆曲线数域上对第一保留混淆消息以及N-1个第二混淆消息中的N个混淆因子进行数域乘法运算,即可及时准确地确定出第一类子密文分片;通过在椭圆曲线数域上对第一保留混淆消息以及N-1个第二混淆消息中的N个偏移因子进行数域乘法运算,即可及时准确地确定出第二类子密文分片;针对N个偏移因子中的任一偏移因子,通过在椭圆曲线数域上对该偏移因子及该偏移因子对应的混淆因子之外的N-1个混淆因子进行数域乘法运算,即可及时准确地确定出第三类子密文分片。其中,第一保留混淆消息是N个第一混淆信息中除发送给N-1个第二计算节点之外的第一混淆信息。如此,可以及时地确定出用于确定数据计算结果的密文分片,以便为有效地提高安全多方计算的效率提供支持,并可以确保各计算节点的隐私数据的安全性,以此避免各计算节点的隐私数据存在泄漏的风险。In the embodiment of the present invention, after receiving the second obfuscation information generated by N-1 second computing nodes, the first calculation node generates the first type of sub-ciphertext fragmentation according to the number field multiplication mechanism on the elliptic curve number field, The second type of sub-ciphertext fragmentation or the third type of sub-ciphertext fragmentation. That is, by performing number-field multiplication on the first reserved obfuscation message and the N obfuscation factors in the N-1 second obfuscation messages on the elliptic curve number field, the first type of subciphertext score can be determined in a timely and accurate manner. piece; by carrying out number-field multiplication on the first reserved obfuscation message and the N offset factors in the N-1 second obfuscation messages on the elliptic curve number field, the second type of sub-ciphertext can be determined timely and accurately Fragmentation; for any offset factor in the N offset factors, the N-1 confusion factors other than the offset factor and the confusion factor corresponding to the offset factor are calculated on the elliptic curve number field The multiplication operation can timely and accurately determine the third type of sub-ciphertext fragmentation. Wherein, the first reserved obfuscation message is the first obfuscation information among the N first obfuscation information except those sent to N-1 second computing nodes. In this way, the ciphertext fragments used to determine the data calculation results can be determined in a timely manner, so as to provide support for effectively improving the efficiency of secure multi-party calculations, and can ensure the security of the private data of each calculation node, thereby avoiding the need for each calculation There is a risk of leakage of private data of nodes.
示例性地,以上述第一种可能的实现方式为例进行描述第一计算节点生成密文分片的实施过程。即,计算节点A在接收到来自计算节点B发送的第一混淆信息(rb1,b1)以及计算节点C发送的第一混淆信息(rc1,c1)后,选取其中的偏移因子以及本地保留的第一混淆信息中的偏移因子,即a1、b1和c1,通过在椭圆曲线数域上对a1、b1和c1进行数域乘法运算,即可确定出第一类子密文分片,即share1=a1*b1*c1。再者,选取其中的混淆因子以及本地保留的第一混淆信息中的混淆因子,即ra1、rb1和rc1,通过在椭圆曲线数域上对ra1、rb1和rc1进行数域乘法运算,即可确定出第二类子密文分片,即share2=ra1*rb1*rc1。然后,使用来自计算节点B和计算节点C的混淆因子rb1、rc1与计算节点A的偏移因子a1在椭圆曲线数域上进行数域乘法运算,即可确定出第三类子密文分片,即share3=rb1*rc1*a1。使用来自计算节点A和计算节点C的混淆因子ra1、rc1与计算节点B的偏移因子b1在椭圆曲线数域上进行数域乘法运算,即可确定出第三类子密文分片,即share4=ra1*rc1*b1。使用来自计算节点A和计算节点B的混淆因子ra1、rb1与计算节点C的偏移因子c1在椭圆曲线数域上进行数域乘法运算,即可确定出第三类子密文分片,即share5=ra1*rb1*c1。最后,通过在椭圆曲线数域上对各类子密文分片进行数加减以及数乘运算,即可确定出用于确定数据计算结果的密文分片,即SA=share1+2*share2-share3-share4-share5,也即是SA=a1*b1*c1+2*ra1*rb1*rc1-rb1*rc1*a1-ra1*rc1*b1-ra1*rb1*c1。Exemplarily, the implementation process of generating ciphertext fragments by the first computing node is described by taking the first possible implementation manner as an example. That is, after computing node A receives the first obfuscation information (rb1, b1) sent from computing node B and the first obfuscation information (rc1, c1) sent by computing node C, it selects the offset factor and the locally reserved The offset factors in the first obfuscation information, that is, a1, b1 and c1, can determine the first type of sub-ciphertext fragmentation by performing number field multiplication on a1, b1 and c1 on the elliptic curve number field, namely share1=a1*b1*c1. Furthermore, select the confusion factors among them and the confusion factors in the locally retained first confusion information, that is, ra1, rb1 and rc1, and perform number field multiplication on ra1, rb1 and rc1 on the elliptic curve number field to determine The second type of sub-ciphertext fragmentation is obtained, that is, share2=ra1*rb1*rc1. Then, use the confusion factors rb1 and rc1 from computing node B and computing node C and the offset factor a1 of computing node A to perform number field multiplication on the elliptic curve number field to determine the third type of sub-ciphertext fragmentation , namely share3=rb1*rc1*a1. Using the confusion factors ra1 and rc1 from computing node A and computing node C and the offset factor b1 of computing node B to perform digital field multiplication on the elliptic curve digital field, the third type of sub-ciphertext fragmentation can be determined, namely share4=ra1*rc1*b1. Using the confusion factors ra1 and rb1 from computing node A and computing node B and the offset factor c1 of computing node C to perform digital field multiplication on the elliptic curve digital field, the third type of sub-ciphertext fragmentation can be determined, namely share5=ra1*rb1*c1. Finally, by performing number addition, subtraction and multiplication operations on various sub-ciphertext fragments on the elliptic curve number field, the ciphertext fragments used to determine the data calculation results can be determined, that is, SA=share1+2*share2 -share3-share4-share5, namely SA=a1*b1*c1+2*ra1*rb1*rc1-rb1*rc1*a1-ra1*rc1*b1-ra1*rb1*c1.
同理,计算节点B在接收到来自计算节点A发送的第一混淆信息(ra2,a2)以及计算节点C发送的第一混淆信息(rc2,c2)后,选取其中的偏移因子以及本地保留的第一混淆信息中的偏移因子,即a2、b2和c2,通过在椭圆曲线数域上对a2、b2和c2进行数域乘法运算,即可确定出第一类子密文分片,即share1=a2*b2*c2。再者,选取其中的混淆因子以及 本地保留的第一混淆信息中的混淆因子,即ra2、rb2和rc2,通过在椭圆曲线数域上对ra2、rb2和rc2进行数域乘法运算,即可确定出第二类子密文分片,即share2=ra2*rb2*rc2。然后,使用来自计算节点B和计算节点C的混淆因子rb2、rc2与计算节点A的偏移因子a2在椭圆曲线数域上进行数域乘法运算,即可确定出第三类子密文分片,即share3=rb2*rc2*a2。使用来自计算节点A和计算节点C的混淆因子ra2、rc2与计算节点B的偏移因子b2在椭圆曲线数域上进行数域乘法运算,即可确定出第三类子密文分片,即share4=ra2*rc2*b2。使用来自计算节点A和计算节点B的混淆因子ra2、rb2与计算节点C的偏移因子c2在椭圆曲线数域上进行数域乘法运算,即可确定出第三类子密文分片,即share5=ra2*rb2*c2。最后,通过在椭圆曲线数域上对各类子密文分片进行数加减以及数乘运算,即可确定出用于确定数据计算结果的密文分片,即SB=share1+2*share2-share3-share4-share5,也即是SB=a2*b2*c2+2*ra2*rb2*rc2-rb2*rc2*a2-ra2*rc2*b2-ra2*rb2*c2。Similarly, after receiving the first obfuscation information (ra2, a2) sent by computing node A and the first obfuscated information (rc2, c2) sent by computing node C, computing node B selects the offset factor and locally reserved The offset factors in the first obfuscation information, that is, a2, b2 and c2, can determine the first type of sub-ciphertext fragmentation by performing number field multiplication on a2, b2 and c2 on the elliptic curve number field, That is, share1=a2*b2*c2. Furthermore, select the confusion factors among them and the confusion factors in the locally retained first confusion information, that is, ra2, rb2 and rc2, and perform number-field multiplication on ra2, rb2 and rc2 on the elliptic curve number field to determine The second type of sub-ciphertext fragmentation is obtained, that is, share2=ra2*rb2*rc2. Then, use the confusion factors rb2 and rc2 from computing node B and computing node C and the offset factor a2 of computing node A to perform number field multiplication on the elliptic curve number field to determine the third type of sub-ciphertext fragmentation , namely share3=rb2*rc2*a2. Using the confusion factors ra2 and rc2 from computing node A and computing node C and the offset factor b2 of computing node B to perform number field multiplication on the elliptic curve number field, the third type of sub-ciphertext fragmentation can be determined, namely share4=ra2*rc2*b2. Using the confusion factors ra2 and rb2 from computing node A and computing node B and the offset factor c2 of computing node C to perform digital field multiplication on the elliptic curve digital field, the third type of sub-ciphertext fragmentation can be determined, namely share5=ra2*rb2*c2. Finally, by performing number addition, subtraction and multiplication operations on various sub-ciphertext fragments on the elliptic curve number field, the ciphertext fragments used to determine the data calculation results can be determined, that is, SB=share1+2*share2 -share3-share4-share5, that is, SB=a2*b2*c2+2*ra2*rb2*rc2-rb2*rc2*a2-ra2*rc2*b2-ra2*rb2*c2.
计算节点C在接收到来自计算节点A发送的第一混淆信息(ra3,a3)以及计算节点B发送的第一混淆信息(rb3,b3)后,选取其中的偏移因子以及本地保留的第一混淆信息中的偏移因子,即a3、b3和c3,通过在椭圆曲线数域上对a3、b3和c3进行数域乘法运算,即可确定出第一类子密文分片,即share1=a3*b3*c3。再者,选取其中的混淆因子以及本地保留的第一混淆信息中的混淆因子,即ra3、rb3和rc3,通过在椭圆曲线数域上对ra3、rb3和rc3进行数域乘法运算,即可确定出第二类子密文分片,即share2=ra3*rb3*rc3。然后,使用来自计算节点B和计算节点C的混淆因子rb3、rc3与计算节点A的偏移因子a3在椭圆曲线数域上进行数域乘法运算,即可确定出第三类子密文分片,即share3=rb3*rc3*a3。使用来自计算节点A和计算节点C的混淆因子ra3、rc3与计算节点B的偏移因子b3在椭圆曲线数域上进行数域乘法运算,即可确定出第三类子密文分片,即share4=ra3*rc3*b3。使用来自计算节点A和计算节点B的混淆因子ra3、rb3与计算节点C的偏移因子c3在椭圆曲线数域上进行数域乘法运算,即可确定出第三类子密文分片,即share5=ra3*rb3*c3。最后,通过在椭圆曲线数域上对各类子密文分片进行数加减以及数乘运算,即可确定出用于确定数据计算结果的密文分片,即SC=share1+2*share2-share3-share4-share5,也即是SC=a3*b3*c3+2*ra3*rb3*rc3-rb3*rc3*a3-ra3*rc3*b3-ra3*rb3*c3。Computing node C, after receiving the first confusion information (ra3, a3) sent from computing node A and the first confusion information (rb3, b3) sent by computing node B, selects the offset factor and the locally reserved first The offset factors in the obfuscated information, namely a3, b3 and c3, can determine the first type of sub-ciphertext fragmentation by performing number field multiplication on a3, b3 and c3 on the elliptic curve number field, namely share1= a3*b3*c3. Furthermore, select the confusion factors among them and the confusion factors in the locally retained first confusion information, that is, ra3, rb3 and rc3, and perform number field multiplication on ra3, rb3 and rc3 on the elliptic curve number field to determine The second type of sub-ciphertext fragmentation is obtained, that is, share2=ra3*rb3*rc3. Then, use the confusion factors rb3 and rc3 from computing node B and computing node C and the offset factor a3 of computing node A to perform number field multiplication on the elliptic curve number field to determine the third type of sub-ciphertext fragmentation , namely share3=rb3*rc3*a3. Using the confusion factors ra3 and rc3 from computing node A and computing node C and the offset factor b3 of computing node B to perform number field multiplication on the elliptic curve number field, the third type of sub-ciphertext fragmentation can be determined, namely share4=ra3*rc3*b3. Using the confusion factors ra3 and rb3 from computing node A and computing node B and the offset factor c3 of computing node C to perform digital field multiplication on the elliptic curve digital field, the third type of sub-ciphertext fragmentation can be determined, namely share5=ra3*rb3*c3. Finally, by performing number addition, subtraction and multiplication operations on various sub-ciphertext fragments on the elliptic curve number field, the ciphertext fragments used to determine the data calculation results can be determined, that is, SC=share1+2*share2 -share3-share4-share5, namely SC=a3*b3*c3+2*ra3*rb3*rc3-rb3*rc3*a3-ra3*rc3*b3-ra3*rb3*c3.
或者,以上述第二种可能的实现方式为例进行描述第一计算节点生成密文分片的实施过程。即,计算节点A在接收到来自计算节点B发送的第一混淆信息(rb1,b1)以及计算节点C发送的第一混淆信息(rc1,c1)后,选取其中的偏移因子以及本地保留的第一混淆信息中的偏移因子,即a3、b1和c1,通过在椭圆曲线数域上对a3、b1和c1进行数域乘法运算,即可确定出第一类子密文分片,即share1=a3*b1*c1。再者,选取其中的混淆因子以及本地保留的第一混淆信息中的混淆因子,即ra3、rb1和rc1,通过在椭圆曲线数域上对ra3、rb1和rc1进行数域乘法运算,即可确定出第二类子密文分片,即share2=ra3*rb1*rc1。然后,使用来自计算节点B和计算节点C的混淆因子rb1、rc1与计算节点A的偏移因子a3在椭圆曲线数域上进行数域乘法运算,即可确定出第三类子密文分片,即share3=rb1*rc1*a3。使用来自计算节点A和计算节点C的混淆因子ra3、rc1与计算节点B的偏移因子b1在椭圆曲线数域上进行数域乘法运算,即可确定出第三类子密文分片,即share4=ra3*rc1*b1。使用来自计算节点A和计算节点B的混淆因子ra3、rb1与计算节点C的偏移因子c1在椭圆曲线数域上进行数域乘法运算,即可确定出第三类子密文分片,即share5=ra3*rb1*c1。最后,通过在椭圆曲线数域上对各类子密文分片进行数加减以及数乘运算,即可确定出用 于确定数据计算结果的密文分片,即SA=share1+2*share2-share3-share4-share5,也即是SA=a3*b1*c1+2*ra3*rb1*rc1-rb1*rc1*a3-ra3*rc1*b1-ra3*rb1*c1。Alternatively, the implementation process of generating ciphertext fragments by the first computing node is described by taking the above second possible implementation manner as an example. That is, after computing node A receives the first obfuscation information (rb1, b1) sent from computing node B and the first obfuscation information (rc1, c1) sent by computing node C, it selects the offset factor and the locally reserved The offset factors in the first obfuscation information, that is, a3, b1, and c1, can determine the first type of sub-ciphertext fragmentation by performing number-field multiplication on a3, b1, and c1 on the elliptic curve number field, namely share1=a3*b1*c1. Furthermore, select the confusion factors among them and the confusion factors in the locally retained first confusion information, that is, ra3, rb1 and rc1, and perform number field multiplication on ra3, rb1 and rc1 on the elliptic curve number field to determine The second type of sub-ciphertext fragmentation is obtained, that is, share2=ra3*rb1*rc1. Then, use the confusion factors rb1 and rc1 from computing node B and computing node C and the offset factor a3 of computing node A to perform number field multiplication on the elliptic curve number field to determine the third type of sub-ciphertext fragmentation , namely share3=rb1*rc1*a3. Using the confusion factors ra3 and rc1 from computing node A and computing node C and the offset factor b1 from computing node B to perform number field multiplication on the elliptic curve number field, the third type of sub-ciphertext fragmentation can be determined, namely share4=ra3*rc1*b1. Using the confusion factors ra3 and rb1 from computing node A and computing node B and the offset factor c1 of computing node C to perform digital field multiplication on the elliptic curve digital field, the third type of sub-ciphertext fragmentation can be determined, namely share5=ra3*rb1*c1. Finally, by performing number addition, subtraction and multiplication operations on various sub-ciphertext fragments on the elliptic curve number field, the ciphertext fragments used to determine the data calculation results can be determined, that is, SA=share1+2*share2 -share3-share4-share5, namely SA=a3*b1*c1+2*ra3*rb1*rc1-rb1*rc1*a3-ra3*rc1*b1-ra3*rb1*c1.
同理,计算节点B在接收到来自计算节点A发送的第一混淆信息(ra1,a1)以及计算节点C发送的第一混淆信息(rc3,c3)后,选取其中的偏移因子以及本地保留的第一混淆信息中的偏移因子,即a1、b3和c3,通过在椭圆曲线数域上对a1、b3和c3进行数域乘法运算,即可确定出第一类子密文分片,即share1=a1*b3*c3。再者,选取其中的混淆因子以及本地保留的第一混淆信息中的混淆因子,即ra1、rb3和rc3,通过在椭圆曲线数域上对ra1、rb3和rc3进行数域乘法运算,即可确定出第二类子密文分片,即share2=ra1*rb3*rc3。然后,使用来自计算节点B和计算节点C的混淆因子rb3、rc3与计算节点A的偏移因子a1在椭圆曲线数域上进行数域乘法运算,即可确定出第三类子密文分片,即share3=rb3*rc3*a1。使用来自计算节点A和计算节点C的混淆因子ra1、rc3与计算节点B的偏移因子b3在椭圆曲线数域上进行数域乘法运算,即可确定出第三类子密文分片,即share4=ra1*rc3*b3。使用来自计算节点A和计算节点B的混淆因子ra1、rb3与计算节点C的偏移因子c3在椭圆曲线数域上进行数域乘法运算,即可确定出第三类子密文分片,即share5=ra1*rb3*c3。最后,通过在椭圆曲线数域上对各类子密文分片进行数加减以及数乘运算,即可确定出用于确定数据计算结果的密文分片,即SB=share1+2*share2-share3-share4-share5,也即是SB=a1*b3*c3+2*ra1*rb3*rc3-rb3*rc3*a1-ra1*rc3*b3-ra1*rb3*c3。Similarly, after receiving the first obfuscation information (ra1, a1) sent by computing node A and the first obfuscated information (rc3, c3) sent by computing node C, computing node B selects the offset factor and locally reserved The offset factors in the first obfuscation information, that is, a1, b3 and c3, can determine the first type of sub-ciphertext fragmentation by performing number field multiplication on a1, b3 and c3 on the elliptic curve number field, That is, share1=a1*b3*c3. Furthermore, select the confusion factors among them and the confusion factors in the locally retained first confusion information, that is, ra1, rb3 and rc3, and perform number field multiplication on ra1, rb3 and rc3 on the elliptic curve number field to determine The second type of sub-ciphertext fragmentation is obtained, that is, share2=ra1*rb3*rc3. Then, use the confusion factors rb3 and rc3 from computing node B and computing node C and the offset factor a1 of computing node A to perform number field multiplication on the elliptic curve number field to determine the third type of sub-ciphertext fragmentation , namely share3=rb3*rc3*a1. Using the confusion factors ra1 and rc3 from computing node A and computing node C and the offset factor b3 from computing node B to perform digital field multiplication on the elliptic curve digital field, the third type of sub-ciphertext fragmentation can be determined, namely share4=ra1*rc3*b3. Using the confusion factors ra1 and rb3 from computing node A and computing node B and the offset factor c3 of computing node C to perform digital field multiplication on the elliptic curve digital field, the third type of sub-ciphertext fragmentation can be determined, namely share5=ra1*rb3*c3. Finally, by performing number addition, subtraction and multiplication operations on various sub-ciphertext fragments on the elliptic curve number field, the ciphertext fragments used to determine the data calculation results can be determined, that is, SB=share1+2*share2 -share3-share4-share5, that is, SB=a1*b3*c3+2*ra1*rb3*rc3-rb3*rc3*a1-ra1*rc3*b3-ra1*rb3*c3.
计算节点C在接收到来自计算节点A发送的第一混淆信息(ra2,a2)以及计算节点B发送的第一混淆信息(rb2,b2)后,选取其中的偏移因子以及本地保留的第一混淆信息中的偏移因子,即a2、b2和c2,通过在椭圆曲线数域上对a2、b2和c2进行数域乘法运算,即可确定出第一类子密文分片,即share1=a2*b2*c2。再者,选取其中的混淆因子以及本地保留的第一混淆信息中的混淆因子,即ra2、rb2和rc2,通过在椭圆曲线数域上对ra2、rb2和rc2进行数域乘法运算,即可确定出第二类子密文分片,即share2=ra2*rb2*rc2。然后,使用来自计算节点B和计算节点C的混淆因子rb2、rc2与计算节点A的偏移因子a2在椭圆曲线数域上进行数域乘法运算,即可确定出第三类子密文分片,即share3=rb2*rc2*a2。使用来自计算节点A和计算节点C的混淆因子ra2、rc2与计算节点B的偏移因子b2在椭圆曲线数域上进行数域乘法运算,即可确定出第三类子密文分片,即share4=ra2*rc2*b2。使用来自计算节点A和计算节点B的混淆因子ra2、rb2与计算节点C的偏移因子c2在椭圆曲线数域上进行数域乘法运算,即可确定出第三类子密文分片,即share5=ra2*rb2*c2。最后,通过在椭圆曲线数域上对各类子密文分片进行数加减以及数乘运算,即可确定出用于确定数据计算结果的密文分片,即SC=share1+2*share2-share3-share4-share5,也即是SC=a2*b2*c2+2*ra2*rb2*rc2-rb2*rc2*a2-ra2*rc2*b2-ra2*rb2*c2。After receiving the first obfuscation information (ra2, a2) sent by computing node A and the first obfuscation information (rb2, b2) sent by computing node B, computing node C selects the offset factor and the locally reserved first The offset factors in the obfuscated information, namely a2, b2 and c2, can determine the first type of sub-ciphertext fragmentation, namely share1= a2*b2*c2. Furthermore, select the confusion factors among them and the confusion factors in the locally retained first confusion information, that is, ra2, rb2 and rc2, and perform number-field multiplication on ra2, rb2 and rc2 on the elliptic curve number field to determine The second type of sub-ciphertext fragmentation is obtained, that is, share2=ra2*rb2*rc2. Then, use the confusion factors rb2 and rc2 from computing node B and computing node C and the offset factor a2 of computing node A to perform number field multiplication on the elliptic curve number field to determine the third type of sub-ciphertext fragmentation , namely share3=rb2*rc2*a2. Using the confusion factors ra2 and rc2 from computing node A and computing node C and the offset factor b2 of computing node B to perform number field multiplication on the elliptic curve number field, the third type of sub-ciphertext fragmentation can be determined, namely share4=ra2*rc2*b2. Using the confusion factors ra2 and rb2 from computing node A and computing node B and the offset factor c2 of computing node C to perform digital field multiplication on the elliptic curve digital field, the third type of sub-ciphertext fragmentation can be determined, namely share5=ra2*rb2*c2. Finally, by performing number addition, subtraction and multiplication operations on various sub-ciphertext slices on the elliptic curve number field, the ciphertext slices used to determine the data calculation results can be determined, that is, SC=share1+2*share2 -share3-share4-share5, namely SC=a2*b2*c2+2*ra2*rb2*rc2-rb2*rc2*a2-ra2*rc2*b2-ra2*rb2*c2.
步骤205,所述第一计算节点发送所述密文分片给数据请求方。Step 205, the first computing node sends the ciphertext fragment to the data requester.
步骤206,所述数据请求方根据N个密文分片,确定出数据计算结果。 Step 206, the data requester determines the data calculation result according to the N ciphertext fragments.
上述步骤205和步骤206中,各计算节点在生成密文分片后,会将各自生成的密文分片发送给数据请求方,以便数据请求方基于各计算节点生成的密文分片确定出数据计算结果。具体地,数据请求方在接收到N个密文分片后,通过在椭圆曲线数域上对N个密文分片进行数加运算,得到数加运算后的数据结果,并将数加运算后的数据结果与N进行除法运算,即可准确地计算出数据计算结果。示例性地,以上述第一种可能的实现方式为例进行描述各计算节点发送密文分片的实施过程。即,计算节点A将自己生成的密文分片SA 发送给数据请求方D,计算节点B将自己生成的密文分片SB发送给数据请求方D,计算节点C将自己生成的密文分片SC发送给数据请求方D。数据请求方D在接收到密文分片SA、SB以及SC后,通过在椭圆曲线数域上对密文分片SA、SB以及SC进行加和运算,并将加和运算所得的结果与3进行除法运算,即可准确地计算出数据计算结果,即(SA+SB+SC)/3=3*a*b*c/3=a*b*c。也即是,最终的计算结果等同于计算节点A、计算节点B以及计算节点C的隐私数据a、b、c的乘法运算结果a*b*c。In the above step 205 and step 206, after each computing node generates the ciphertext fragment, it will send the ciphertext fragment generated by it to the data requester, so that the data requestor can determine the Data calculation results. Specifically, after receiving the N ciphertext fragments, the data requester performs numerical addition operations on the N ciphertext fragments on the elliptic curve number field to obtain the data result after the numerical addition operation, and performs numerical addition operation The final data result is divided by N, and the data calculation result can be accurately calculated. Exemplarily, the above first possible implementation manner is taken as an example to describe the implementation process of each computing node sending ciphertext fragments. That is, computing node A sends the ciphertext segment SA generated by itself to data requester D, computing node B sends the ciphertext segment SB generated by itself to data requester D, and computing node C sends the ciphertext segment generated by itself The slice SC is sent to the data requester D. After receiving the ciphertext fragments SA, SB and SC, the data requester D performs sum operation on the ciphertext fragments SA, SB and SC on the elliptic curve number field, and compares the result of the sum operation with 3 By performing the division operation, the data calculation result can be accurately calculated, that is, (SA+SB+SC)/3=3*a*b*c/3=a*b*c. That is, the final calculation result is equivalent to the multiplication result a*b*c of the private data a, b, and c of computing node A, computing node B, and computing node C.
下面以一个应用场景为例进行描述,比如以三家计算机构共同计算家庭总收入为例进行描述本发明实施中基于安全多方计算的数据处理方法的实施过程。The following describes an application scenario as an example. For example, three computing institutions jointly calculate the total household income as an example to describe the implementation process of the data processing method based on secure multi-party computing in the implementation of the present invention.
示例性地,机构A拥有人均平均收入,比如10万元,机构B拥有家庭工作人数,比如2个人,机构C拥有工作年限,比如工作5年,需要这三个机构在不泄露各自的隐私数据的前提下完成针对某一户家庭的家庭总收入或多户家庭各自的家庭总收入。即,采用本发明实施例提供的上述基于安全多方计算的数据处理方法的技术方案,机构A通过在椭圆曲线数域上使用随机数生成算法,生成三个混淆因子,即ra1、ra2和ra3,并使用这三个混淆因子分别对金额10万元进行偏移运算,即可得到三个偏移因子,即a1、a2和a3。同理,机构B通过在椭圆曲线数域上使用随机数生成算法,生成三个混淆因子,即rb1、rb2和rb3,并使用这三个混淆因子分别对家庭工作人数2人进行偏移运算,即可得到三个偏移因子,即b1、b2和b3。机构C通过在椭圆曲线数域上使用随机数生成算法,生成三个混淆因子,即rc1、rc2和rc3,并使用这三个混淆因子分别对工作年限5年进行偏移运算,即可得到三个偏移因子,即c1、c2和c3。机构A、机构B以及机构C通过安全信道,按照上述第一种可能的实现方式进行混淆因子、偏移因子的数据交互。基于此,最终,机构A获得三个混淆因子ra1、rb1和rc1,三个偏移因子a1、b1和c1;机构B获得三个混淆因子ra2、rb2和rc2,三个偏移因子a2、b2和c2;机构C获得三个混淆因子ra3、rb3和rc3,三个偏移因子a3、b3和c3。机构A按照本发明实施例提供的生成密文分片的方式,通过使用混淆因子ra1、rb1、rc1以及偏移因子a1、b1、c1在椭圆曲线数域上进行数学运算,即可生成用于确定数据计算结果的密文分片SA,并将密文分片SA发送给数据请求方;机构B按照本发明实施例提供的生成密文分片的方式,通过使用混淆因子ra2、rb2、rc2以及偏移因子a2、b2、c2在椭圆曲线数域上进行数学运算,即可生成用于确定数据计算结果的密文分片SB,并将密文分片SB发送给数据请求方;机构C按照本发明实施例提供的生成密文分片的方式,通过使用混淆因子ra3、rb3、rc3以及偏移因子a3、b3、c3在椭圆曲线数域上进行数学运算,即可生成用于确定数据计算结果的密文分片SC,并将密文分片SC发送给数据请求方。数据请求方在接收到密文分片SA、SB以及SC后,通过在椭圆曲线数域上对密文分片SA、SB以及SC进行加和运算,并将加和运算所得的结果与3进行除法运算,即可准确地计算出数据计算结果,即(SA+SB+SC)/3=10*2*5=100万元。也即是,在机构A、机构B以及机构C分别不泄露各自的隐私数据(即10万元、2个人、5年)的前提下,获取某一户家庭的家庭总收入100万元。For example, organization A has a per capita average income, such as 100,000 yuan, organization B has the number of household workers, such as 2 people, and organization C has working years, such as 5 years of work, and these three organizations need to not disclose their private data Complete the household gross income for a single household or the individual household gross income for multiple households without premise. That is, by adopting the technical solution of the above-mentioned data processing method based on secure multi-party computing provided by the embodiment of the present invention, institution A generates three confusion factors, namely ra1, ra2 and ra3, by using a random number generation algorithm on the elliptic curve number field, And use these three confusion factors to carry out the offset operation on the amount of 100,000 yuan respectively, and you can get three offset factors, namely a1, a2 and a3. In the same way, organization B generates three confusion factors, rb1, rb2 and rb3, by using a random number generation algorithm on the elliptic curve number field, and uses these three confusion factors to perform offset operations on the number of household workers and 2 persons respectively. Three offset factors can be obtained, namely b1, b2 and b3. Institution C uses a random number generation algorithm on the elliptic curve number field to generate three confusion factors, namely rc1, rc2, and rc3, and uses these three confusion factors to perform offset operations on the working years of 5 years respectively, to obtain three offset factors, namely c1, c2 and c3. Institution A, institution B, and institution C perform data exchange of confusion factors and offset factors through the secure channel according to the above-mentioned first possible implementation manner. Based on this, in the end, institution A obtains three confusion factors ra1, rb1 and rc1, and three offset factors a1, b1 and c1; institution B obtains three confusion factors ra2, rb2 and rc2, and three offset factors a2 and b2 and c2; Agency C obtains three confounding factors ra3, rb3 and rc3, and three offset factors a3, b3 and c3. According to the method of generating ciphertext fragments provided by the embodiment of the present invention, mechanism A can generate Determine the ciphertext slice SA of the data calculation result, and send the ciphertext slice SA to the data requester; organization B generates the ciphertext slice according to the method provided by the embodiment of the present invention, by using the confusion factors ra2, rb2, rc2 And the offset factors a2, b2, c2 perform mathematical operations on the elliptic curve number field to generate the ciphertext fragment SB used to determine the data calculation result, and send the ciphertext fragment SB to the data requester; institution C According to the method of generating ciphertext fragments provided by the embodiment of the present invention, by using the confusion factors ra3, rb3, rc3 and offset factors a3, b3, c3 to perform mathematical operations on the elliptic curve number field, the data used to determine Calculate the ciphertext fragment SC of the result, and send the ciphertext fragment SC to the data requester. After receiving the ciphertext fragments SA, SB and SC, the data requester performs summing operation on the ciphertext fragmentation SA, SB and SC on the elliptic curve number field, and calculates the result of the summation with 3 The calculation result of the data can be accurately calculated by the division operation, that is, (SA+SB+SC)/3=10*2*5=1 million yuan. That is, under the premise that Institution A, Institution B, and Institution C do not disclose their private data (that is, 100,000 yuan, 2 individuals, 5 years), the total household income of a certain family is 1 million yuan.
上述实施例表明,由于现有乘法函数运算的安全多方计算因依赖复杂的密码学协议,因此在乘法函数运算过程中各参与者的交互轮数会比较多,导致多方输入场景下针对乘法函数运算的效率低。基于此,本发明中的技术方案中的第一计算节点在检测到数据计算请求时,即可开始生成密文分片的数据运算操作。即,基于第一计算节点的隐私数据生成N个第一混淆信息,并将N个第一混淆信息中的N-1个第一混淆信息分别发送给N-1个第二 计算节点。同时,也会接收N-1个第二计算节点各自生成的第二混淆信息,并根据第一保留混淆消息以及N-1个第二混淆消息,生成用于确定数据计算结果的密文分片。然后,将密文分片发送给数据请求方,以便数据请求方能够及时有效地根据N个密文分片确定出数据计算结果。如此,该方案不仅可以在不泄露各计算节点的隐私数据的前提下能够完成针对数据计算请求的计算过程,以便确保各计算节点的隐私数据的安全性,而且只需要各计算节点之间进行一轮交互即可完成各计算节点针对密文分片的生成流程,以便解决现有技术中的技术方案在计算过程中需要各参与方的交互轮数较多的问题,并可以有效地减少在确定数据计算结果的过程中各计算节点进行数据交互所消耗的网络资源,从而可以有效地提高安全多方计算的效率。The above-mentioned embodiment shows that, because the secure multi-party calculation of the existing multiplication function operation relies on complex cryptographic protocols, the number of interaction rounds of each participant during the multiplication function operation process will be relatively large, resulting in multiple input scenarios for the multiplication function operation. The efficiency is low. Based on this, when the first computing node in the technical solution of the present invention detects a data computing request, it can start a data computing operation for generating ciphertext fragments. That is, N pieces of first obfuscation information are generated based on the private data of the first computing node, and N-1 pieces of first obfuscation information among the N pieces of first obfuscation information are sent to N-1 second computing nodes respectively. At the same time, it will also receive the second obfuscation information generated by each of the N-1 second computing nodes, and generate a ciphertext fragment for determining the data calculation result based on the first reserved obfuscation message and the N-1 second obfuscation messages . Then, the ciphertext fragments are sent to the data requesting party, so that the data requesting party can timely and effectively determine the data calculation result according to the N ciphertext fragments. In this way, the scheme can not only complete the calculation process for the data calculation request without disclosing the private data of each computing node, so as to ensure the security of the private data of each computing node, but also only needs to carry out a process between computing nodes. Rounds of interaction can complete the generation process of each computing node for ciphertext fragmentation, so as to solve the problem that the technical solutions in the prior art require a large number of interaction rounds for each participant in the calculation process, and can effectively reduce the number of rounds in the determination process. In the process of data calculation results, the network resources consumed by each computing node for data interaction can effectively improve the efficiency of secure multi-party computing.
基于相同的技术构思,图3示例性的示出了本发明实施例提供的一种数据处理装置,该装置可以执行数据处理方法的流程。其中,本发明实施例中的数据处理方法适用于具有N个计算节点的安全多方计算系统。Based on the same technical concept, FIG. 3 exemplarily shows a data processing device provided by an embodiment of the present invention, and the device can execute the flow of the data processing method. Wherein, the data processing method in the embodiment of the present invention is applicable to a secure multi-party computing system with N computing nodes.
如图3所示,该装置包括:As shown in Figure 3, the device includes:
第一生成单元301,用于在检测到数据计算请求时,基于第一计算节点的隐私数据生成N个第一混淆信息,并将所述N个第一混淆信息中的N-1个第一混淆信息分别发送给N-1个第二计算节点;所述第一计算节点为所述N个计算节点中的任一个;所述第二计算节点为所述N个计算节点中除所述第一计算节点以外的任一计算节点;The first generating unit 301 is configured to generate N pieces of first obfuscation information based on the private data of the first computing node when a data calculation request is detected, and generate N-1 pieces of first obfuscation information among the N pieces of first obfuscation information. The confusion information is sent to N-1 second computing nodes respectively; the first computing node is any one of the N computing nodes; the second computing node is any one of the N computing nodes except the first any computing node other than a computing node;
第一处理单元302,用于接收N-1个第二计算节点各自生成的第二混淆信息,并根据第一保留混淆消息以及N-1个第二混淆消息,生成用于确定数据计算结果的密文分片;所述第一保留混淆消息是所述N个第一混淆信息中除发送给N-1个第二计算节点之外的第一混淆信息;将所述密文分片发送给数据请求方;所述数据请求方用于根据N个密文分片确定出数据计算结果。The first processing unit 302 is configured to receive the second obfuscation information generated by each of the N-1 second computing nodes, and generate information for determining a data calculation result according to the first reserved obfuscation message and the N-1 second obfuscation messages Ciphertext fragmentation; the first reserved obfuscation message is the first obfuscation information sent to the N-1 second computing nodes in the N first obfuscation information; the ciphertext fragmentation is sent to A data requester; the data requester is used to determine the data calculation result according to the N ciphertext fragments.
可选地,所述第一生成单元301具体用于:Optionally, the first generating unit 301 is specifically configured to:
生成符合安全多方计算机制的N个随机数,并将所述N个随机数作为N个混淆因子;Generate N random numbers conforming to the secure multi-party computing mechanism, and use the N random numbers as N confusion factors;
针对每个混淆因子,根据所述混淆因子和所述第一计算节点的隐私数据,生成偏移因子,并将所述混淆因子和所述偏移因子确定为第一混淆信息。For each obfuscation factor, an offset factor is generated according to the obfuscation factor and the private data of the first computing node, and the obfuscation factor and the offset factor are determined as first obfuscation information.
可选地,所述第一生成单元301具体用于:Optionally, the first generating unit 301 is specifically configured to:
通过在椭圆曲线数域上使用随机数生成算法,生成N-1个随机数;Generate N-1 random numbers by using a random number generation algorithm on the elliptic curve number field;
基于所述N-1个随机数,生成第N个随机数。Based on the N-1 random numbers, an Nth random number is generated.
可选地,所述第一处理单元302具体用于:Optionally, the first processing unit 302 is specifically configured to:
基于所述第一保留混淆消息以及所述N-1个第二混淆消息中的N个混淆因子,确定第一类子密文分片;Based on the first reserved obfuscation message and the N obfuscation factors in the N-1 second obfuscation messages, determine a first type of sub-ciphertext fragmentation;
基于所述第一保留混淆消息以及所述N-1个第二混淆消息中的N个偏移因子,确定第二类子密文分片;Based on the first reserved obfuscation message and the N offset factors in the N-1 second obfuscation messages, determine a second type of sub-ciphertext fragmentation;
针对N个偏移因子中的任一偏移因子,根据所述偏移因子及所述偏移因子对应的混淆因子之外的N-1个混淆因子,确定第三类子密文分片;For any offset factor in the N offset factors, determine the third type of sub-ciphertext fragmentation according to the offset factor and the N-1 confusion factors other than the confusion factor corresponding to the offset factor;
根据所述第一类子密文分片、所述第二类子密文分片和所述第三类子密文分片,生成用于确定数据计算结果的密文分片。According to the first type of sub-ciphertext fragments, the second type of sub-ciphertext fragments and the third type of sub-ciphertext fragments, a ciphertext fragment for determining a data calculation result is generated.
可选地,所述第一类子密文分片、所述第二类子密文分片或所述第三类子密文分片是所述第一计算节点按照椭圆曲线数域上的数域乘法机制生成的。Optionally, the first type of sub-ciphertext fragmentation, the second type of sub-ciphertext fragmentation or the third type of sub-ciphertext fragmentation is performed by the first calculation node according to the elliptic curve number field Generated by the number field multiplication mechanism.
可选地,所述第一处理单元302具体用于:Optionally, the first processing unit 302 is specifically configured to:
通过在椭圆曲线数域上对所述第一保留混淆消息以及所述N-1个第二混淆消息中的N个混淆因子进行数域乘法运算,生成所述第一类子密文分片。The first type of sub-ciphertext fragment is generated by performing number-field multiplication on the first reserved obfuscation message and the N obfuscation factors in the N-1 second obfuscation messages on the elliptic curve number field.
可选地,所述第一处理单元302具体用于:Optionally, the first processing unit 302 is specifically configured to:
通过在椭圆曲线数域上对所述第一保留混淆消息以及所述N-1个第二混淆消息中的N个偏移因子进行数域乘法运算,生成所述第二类子密文分片。Generate the second type of sub-ciphertext fragmentation by performing number field multiplication on the first reserved obfuscation message and the N offset factors in the N-1 second obfuscation messages on the elliptic curve number field .
可选地,所述第一处理单元302具体用于:Optionally, the first processing unit 302 is specifically configured to:
针对N个偏移因子中的任一偏移因子,通过在椭圆曲线数域上对所述偏移因子及所述偏移因子对应的混淆因子之外的N-1个混淆因子进行数域乘法运算,生成所述第三类子密文分片。For any offset factor in the N offset factors, perform number field multiplication on the N-1 confusion factors other than the offset factor and the confusion factor corresponding to the offset factor on the elliptic curve number field operation to generate the third type of sub-ciphertext fragments.
可选地,所述第一处理单元302具体用于:Optionally, the first processing unit 302 is specifically configured to:
通过在椭圆曲线数域上对所述第一类子密文分片、所述第二类子密文分片以及所述第三类子密文分片进行数加减和数乘运算,生成用于确定数据计算结果的密文分片。By performing number addition, subtraction and multiplication operations on the first type of sub-ciphertext fragmentation, the second type of sub-ciphertext fragmentation, and the third type of sub-ciphertext fragmentation on the elliptic curve number field, generate The ciphertext fragment used to determine the result of data calculation.
基于相同的技术构思,图4示例性的示出了本发明实施例提供的另一种数据处理装置,该装置可以执行数据处理方法的流程。其中,本发明实施例中的数据处理方法适用于具有N个计算节点的安全多方计算系统。Based on the same technical concept, FIG. 4 exemplarily shows another data processing device provided by an embodiment of the present invention, and the device can execute the flow of the data processing method. Wherein, the data processing method in the embodiment of the present invention is applicable to a secure multi-party computing system with N computing nodes.
如图4所示,该装置包括:As shown in Figure 4, the device includes:
第二生成单元401,用于生成用于获取密文分片的数据计算请求;The second generating unit 401 is configured to generate a data calculation request for obtaining ciphertext fragments;
第二处理单元402,用于将所述数据计算请求分别发送给所述N个计算节点;第一计算节点在检测到数据计算请求时,基于所述第一计算节点的隐私数据生成N个第一混淆信息,将所述N个第一混淆信息中的N-1个第一混淆信息分别发送给N-1个第二计算节点,并根据第一保留混淆消息以及所述N-1个第二计算节点生成的N-1个第二混淆消息,生成用于确定数据计算结果的密文分片;所述第一计算节点为所述N个计算节点中的任一个,所述第二计算节点为所述N个计算节点中除所述第一计算节点以外的任一计算节点;接收所述N个计算节点各自发送的密文分片;根据N个密文分片,确定出数据计算结果。The second processing unit 402 is configured to send the data calculation request to the N computing nodes respectively; when the first computing node detects the data computing request, generate Nth computing nodes based on the private data of the first computing node One obfuscation information, sending N-1 first obfuscation information among the N first obfuscation information to N-1 second computing nodes respectively, and retaining the obfuscation information according to the first and the N-1 first obfuscation information The N-1 second confusion messages generated by two computing nodes generate ciphertext fragments used to determine data calculation results; the first computing node is any one of the N computing nodes, and the second computing The node is any computing node in the N computing nodes except the first computing node; receiving the ciphertext fragments sent by the N computing nodes; according to the N ciphertext fragments, determine the data calculation result.
可选地,所述第二处理单元402具体用于:Optionally, the second processing unit 402 is specifically configured to:
通过在椭圆曲线数域上对所述N个密文分片进行数加运算,得到数加运算后的数据结果;By performing numerical addition on the N ciphertext fragments on the elliptic curve number field, a data result after the numerical addition is obtained;
将所述数加运算后的数据结果与N的比值,确定为所述数据计算结果。The ratio of the data result after the addition operation to N is determined as the data calculation result.
基于相同的技术构思,本发明实施例还提供了一种计算设备,如图5所示,包括至少一个处理器501,以及与至少一个处理器连接的存储器502,本发明实施例中不限定处理器501与存储器502之间的具体连接介质,图5中处理器501和存储器502之间通过总线连接为例。总线可以分为地址总线、数据总线、控制总线等。Based on the same technical concept, an embodiment of the present invention also provides a computing device, as shown in FIG. 5 , including at least one processor 501 and a memory 502 connected to the at least one processor. The specific connection medium between the processor 501 and the memory 502, the connection between the processor 501 and the memory 502 in FIG. 5 is taken as an example. The bus can be divided into address bus, data bus, control bus and so on.
在本发明实施例中,存储器502存储有可被至少一个处理器501执行的指令,至少一个处理器501通过执行存储器502存储的指令,可以执行前述的数据处理方法中所包括的步骤。In the embodiment of the present invention, the memory 502 stores instructions executable by at least one processor 501, and at least one processor 501 can execute the steps included in the aforementioned data processing method by executing the instructions stored in the memory 502.
其中,处理器501是计算设备的控制中心,可以利用各种接口和线路连接计算设备的各个部分,通过运行或执行存储在存储器502内的指令以及调用存储在存储器502内的数据,从而实现数据处理。可选的,处理器501可包括一个或多个处理单元,处理器501可集成应用处理器和调制解调处理器,其中,应用处理器主要处理操作系统、用户界面和应 用程序等,调制解调处理器主要处理下发指令。可以理解的是,上述调制解调处理器也可以不集成到处理器501中。在一些实施例中,处理器501和存储器502可以在同一芯片上实现,在一些实施例中,它们也可以在独立的芯片上分别实现。Among them, the processor 501 is the control center of the computing device, which can use various interfaces and lines to connect various parts of the computing device, by running or executing instructions stored in the memory 502 and calling data stored in the memory 502, thereby realizing data deal with. Optionally, the processor 501 may include one or more processing units, and the processor 501 may integrate an application processor and a modem processor. The call processor mainly handles issuing instructions. It can be understood that the foregoing modem processor may not be integrated into the processor 501 . In some embodiments, the processor 501 and the memory 502 can be implemented on the same chip, and in some embodiments, they can also be implemented on independent chips.
处理器501可以是通用处理器,例如中央处理器(CPU)、数字信号处理器、专用集成电路(Application Specific Integrated Circuit,ASIC)、现场可编程门阵列或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件,可以实现或者执行本发明实施例中公开的各方法、步骤及逻辑框图。通用处理器可以是微处理器或者任何常规的处理器等。结合数据处理方法实施例所公开的方法的步骤可以直接体现为硬件处理器执行完成,或者用处理器中的硬件及软件模块组合执行完成。The processor 501 can be a general processor, such as a central processing unit (CPU), a digital signal processor, an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field programmable gate array or other programmable logic devices, discrete gates or transistors Logic devices and discrete hardware components can implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present invention. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the methods disclosed in the embodiments of the data processing method can be directly implemented by a hardware processor, or implemented by a combination of hardware and software modules in the processor.
存储器502作为一种非易失性计算机可读存储介质,可用于存储非易失性软件程序、非易失性计算机可执行程序以及模块。存储器502可以包括至少一种类型的存储介质,例如可以包括闪存、硬盘、多媒体卡、卡型存储器、随机访问存储器(Random Access Memory,RAM)、静态随机访问存储器(Static Random Access Memory,SRAM)、可编程只读存储器(Programmable Read Only Memory,PROM)、只读存储器(Read Only Memory,ROM)、带电可擦除可编程只读存储器(Electrically Erasable Programmable Read-Only Memory,EEPROM)、磁性存储器、磁盘、光盘等等。存储器502是能够用于携带或存储具有指令或数据结构形式的期望的程序代码并能够由计算机存取的任何其他介质,但不限于此。本发明实施例中的存储器502还可以是电路或者其它任意能够实现存储功能的装置,用于存储程序指令和/或数据。The memory 502, as a non-volatile computer-readable storage medium, can be used to store non-volatile software programs, non-volatile computer-executable programs and modules. Memory 502 may include at least one type of storage medium, for example, may include flash memory, hard disk, multimedia card, card memory, random access memory (Random Access Memory, RAM), static random access memory (Static Random Access Memory, SRAM), Programmable Read Only Memory (PROM), Read Only Memory (ROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Magnetic Memory, Disk , CD, etc. Memory 502 is, but is not limited to, any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 502 in the embodiment of the present invention may also be a circuit or any other device capable of implementing a storage function, and is used for storing program instructions and/or data.
基于相同的技术构思,本发明实施例还提供了一种计算机可读存储介质,其存储有可由计算设备执行的计算机程序,当所述程序在所述计算设备上运行时,使得所述计算设备执行上述数据处理方法的步骤。Based on the same technical idea, an embodiment of the present invention also provides a computer-readable storage medium, which stores a computer program executable by a computing device, and when the program is run on the computing device, the computing device Execute the steps of the above data processing method.
本领域内的技术人员应明白,本发明的实施例可提供为方法、系统、或计算机程序产品。因此,本发明可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本发明可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art should understand that the embodiments of the present invention may be provided as methods, systems, or computer program products. Accordingly, the present invention can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
本发明是参照根据本发明的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the invention. It should be understood that each procedure and/or block in the flowchart and/or block diagram, and a combination of procedures and/or blocks in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions may be provided to a general purpose computer, special purpose computer, embedded processor, or processor of other programmable data processing equipment to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing equipment produce a An apparatus for realizing the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instructions The device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个 方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded onto a computer or other programmable data processing device, causing a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process, thereby The instructions provide steps for implementing the functions specified in the flow chart or blocks of the flowchart and/or the block or blocks of the block diagrams.
尽管已描述了本发明的优选实施例,但本领域内的技术人员一旦得知了基本创造性概念,则可对这些实施例作出另外的变更和修改。所以,所附权利要求意欲解释为包括优选实施例以及落入本发明范围的所有变更和修改。While preferred embodiments of the invention have been described, additional changes and modifications to these embodiments can be made by those skilled in the art once the basic inventive concept is appreciated. Therefore, it is intended that the appended claims be construed to cover the preferred embodiment as well as all changes and modifications which fall within the scope of the invention.
显然,本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样,倘若本发明的这些修改和变型属于本申请权利要求及其等同技术的范围之内,则本发明也意图包含这些改动和变型在内。Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from the spirit and scope of the present invention. Thus, if these modifications and variations of the present invention fall within the scope of the claims of this application and their equivalent technologies, the present invention also intends to include these modifications and variations.

Claims (10)

  1. 一种数据处理方法,其特征在于,适用于具有N个计算节点的安全多方计算系统,所述方法包括:A data processing method, characterized in that it is applicable to a secure multi-party computing system with N computing nodes, the method comprising:
    第一计算节点在检测到数据计算请求时,基于所述第一计算节点的隐私数据生成N个第一混淆信息,并将所述N个第一混淆信息中的N-1个第一混淆信息分别发送给N-1个第二计算节点;所述第一计算节点为所述N个计算节点中的任一个;所述第二计算节点为所述N个计算节点中除所述第一计算节点以外的任一计算节点;When the first computing node detects a data computing request, it generates N pieces of first obfuscation information based on the private data of the first computing node, and sends N-1 pieces of first obfuscation information among the N pieces of first obfuscation information Send to N-1 second computing nodes respectively; the first computing node is any one of the N computing nodes; the second computing node is the N computing nodes except the first computing node Any computing node other than a node;
    所述第一计算节点接收N-1个第二计算节点各自生成的第二混淆信息,并根据第一保留混淆消息以及N-1个第二混淆消息,生成用于确定数据计算结果的密文分片;所述第一保留混淆消息是所述N个第一混淆信息中除发送给N-1个第二计算节点之外的第一混淆信息;The first computing node receives the second obfuscation information generated by each of the N-1 second computing nodes, and generates a ciphertext for determining the data calculation result according to the first reserved obfuscation message and the N-1 second obfuscation messages Fragmentation; the first reserved confusion message is the first confusion information sent to N-1 second computing nodes in the N first confusion information;
    所述第一计算节点将所述密文分片发送给数据请求方;所述数据请求方用于根据N个密文分片确定出数据计算结果。The first calculation node sends the ciphertext fragments to a data requester; the data requester is used to determine a data calculation result according to the N ciphertext fragments.
  2. 如权利要求1所述的方法,其特征在于,所述基于所述第一计算节点的隐私数据生成N个第一混淆信息,包括:The method according to claim 1, wherein the generating N pieces of first confusion information based on the private data of the first computing node comprises:
    所述第一计算节点生成符合安全多方计算机制的N个随机数,并将所述N个随机数作为N个混淆因子;The first computing node generates N random numbers conforming to the secure multi-party computing mechanism, and uses the N random numbers as N confusion factors;
    针对每个混淆因子,所述第一计算节点根据所述混淆因子和所述第一计算节点的隐私数据,生成偏移因子,并将所述混淆因子和所述偏移因子确定为第一混淆信息。For each obfuscation factor, the first computing node generates an offset factor according to the obfuscation factor and the privacy data of the first computing node, and determines the obfuscation factor and the offset factor as a first obfuscation factor information.
  3. 如权利要求2所述的方法,其特征在于,所述第一计算节点生成符合安全多方计算机制的N个随机数,包括:The method according to claim 2, wherein the first computing node generates N random numbers conforming to a secure multi-party computing mechanism, including:
    所述第一计算节点通过在椭圆曲线数域上使用随机数生成算法,生成N-1个随机数;The first computing node generates N-1 random numbers by using a random number generation algorithm on the elliptic curve number field;
    所述第一计算节点基于所述N-1个随机数,生成第N个随机数。The first computing node generates an Nth random number based on the N-1 random numbers.
  4. 如权利要求1所述的方法,其特征在于,所述根据第一保留混淆消息以及N-1个第二混淆消息,生成用于确定数据计算结果的密文分片,包括:The method according to claim 1, wherein the generation of ciphertext fragments for determining data calculation results according to the first reserved confusion message and N-1 second confusion messages comprises:
    所述第一计算节点基于所述第一保留混淆消息以及所述N-1个第二混淆消息中的N个混淆因子,确定第一类子密文分片;The first computing node determines a first type of sub-ciphertext fragmentation based on the first reserved obfuscation message and the N obfuscation factors in the N-1 second obfuscation messages;
    所述第一计算节点基于所述第一保留混淆消息以及所述N-1个第二混淆消息中的N个偏移因子,确定第二类子密文分片;The first computing node determines a second type of sub-ciphertext fragmentation based on the first reserved obfuscation message and the N offset factors in the N-1 second obfuscation messages;
    针对N个偏移因子中的任一偏移因子,所述第一计算节点根据所述偏移因子及所述偏移因子对应的混淆因子之外的N-1个混淆因子,确定第三类子密文分片;For any offset factor among the N offset factors, the first computing node determines the third type of Sub-ciphertext fragmentation;
    所述第一计算节点根据所述第一类子密文分片、所述第二类子密文分片和所述第三类子密文分片,生成用于确定数据计算结果的密文分片。The first calculation node generates ciphertext for determining data calculation results according to the first type of sub-ciphertext fragmentation, the second type of sub-ciphertext fragmentation, and the third type of sub-ciphertext fragmentation Fragmentation.
  5. 如权利要求4所述的方法,其特征在于,所述第一计算节点基于所述第一保留混淆消息以及所述N-1个第二混淆消息中的N个混淆因子,确定第一类子密文分片,包括:The method according to claim 4, wherein the first computing node determines the first class subclass based on the first reserved obfuscation message and the N obfuscation factors in the N-1 second obfuscation messages. Ciphertext fragmentation, including:
    所述第一计算节点通过在椭圆曲线数域上对所述第一保留混淆消息以及所述N-1个第二混淆消息中的N个混淆因子进行数域乘法运算,生成所述第一类子密文分片。The first calculation node generates the first type by performing number field multiplication on the first reserved confusion message and the N confusion factors in the N-1 second confusion messages on the elliptic curve number field. Sub-ciphertext fragmentation.
  6. 如权利要求4所述的方法,其特征在于,所述第一计算节点基于所述第一保留混淆消息以及所述N-1个第二混淆消息中的N个偏移因子,确定第二类子密文分片,包括:The method according to claim 4, wherein the first computing node determines the second type of Sub-ciphertext fragmentation, including:
    所述第一计算节点通过在椭圆曲线数域上对所述第一保留混淆消息以及所述N-1个第二混淆消息中的N个偏移因子进行数域乘法运算,生成所述第二类子密文分片。The first calculation node generates the second by performing number field multiplication on the first reserved confusion message and the N offset factors in the N-1 second confusion messages on the elliptic curve number field. Class subciphertext sharding.
  7. 如权利要求4所述的方法,其特征在于,针对N个偏移因子中的任一偏移因子,所述第一计算节点根据所述偏移因子及所述偏移因子对应的混淆因子之外的N-1个混淆因子,确定第三类子密文分片,包括:The method according to claim 4, wherein, for any offset factor among the N offset factors, the first calculation node calculates the offset factor according to the difference between the offset factor and the confusion factor corresponding to the offset factor. Out of the N-1 confusion factors, determine the third type of sub-ciphertext fragmentation, including:
    针对N个偏移因子中的任一偏移因子,所述第一计算节点通过在椭圆曲线数域上对所述偏移因子及所述偏移因子对应的混淆因子之外的N-1个混淆因子进行数域乘法运算,生成所述第三类子密文分片。For any offset factor among the N offset factors, the first calculation node uses the N-1 offset factors other than the offset factor and the confusion factor corresponding to the offset factor on the elliptic curve number field The confusion factor performs a multiplication operation in the number field to generate the third type of sub-ciphertext fragments.
  8. 如权利要求4所述的方法,其特征在于,所述第一计算节点根据所述第一类子密文分片、所述第二类子密文分片和所述第三类子密文分片,生成用于确定数据计算结果的密文分片,包括:The method according to claim 4, wherein the first computing node is based on the first type of sub-ciphertext fragmentation, the second type of sub-ciphertext fragmentation and the third type of sub-ciphertext Fragmentation, generating ciphertext fragmentation for determining data calculation results, including:
    所述第一计算节点通过在椭圆曲线数域上对所述第一类子密文分片、所述第二类子密文分片以及所述第三类子密文分片进行数加减和数乘运算,生成用于确定数据计算结果的密文分片。The first calculation node performs number addition and subtraction on the first type of sub-ciphertext fragmentation, the second type of sub-ciphertext fragmentation, and the third type of sub-ciphertext fragmentation on the elliptic curve number field and multiplication operation to generate ciphertext fragments for determining data calculation results.
  9. 一种数据处理方法,其特征在于,适用于具有N个计算节点的安全多方计算系统,所述方法包括:A data processing method, characterized in that it is applicable to a secure multi-party computing system with N computing nodes, the method comprising:
    数据请求方生成用于获取密文分片的数据计算请求;The data requester generates a data calculation request for obtaining ciphertext fragments;
    所述数据请求方将所述数据计算请求分别发送给所述N个计算节点;第一计算节点在检测到数据计算请求时,基于所述第一计算节点的隐私数据生成N个第一混淆信息,将所述N个第一混淆信息中的N-1个第一混淆信息分别发送给N-1个第二计算节点,并根据第一保留混淆消息以及所述N-1个第二计算节点生成的N-1个第二混淆消息,生成用于确定数据计算结果的密文分片;所述第一计算节点为所述N个计算节点中的任一个,所述第二计算节点为所述N个计算节点中除所述第一计算节点以外的任一计算节点;The data requester sends the data calculation request to the N computing nodes respectively; when the first computing node detects the data computing request, generates N pieces of first confusion information based on the private data of the first computing node , sending N-1 first obfuscated information among the N first obfuscated information to N-1 second computing nodes, and retaining the obfuscated information according to the first and the N-1 second computing nodes The generated N-1 second confusion messages generate ciphertext fragments used to determine data calculation results; the first computing node is any one of the N computing nodes, and the second computing node is all Any computing node except the first computing node among the N computing nodes;
    所述数据请求方接收所述N个计算节点各自发送的密文分片;The data requester receives the ciphertext fragments sent by the N computing nodes respectively;
    所述数据请求方根据N个密文分片,确定出数据计算结果。The data requester determines the data calculation result according to the N ciphertext fragments.
  10. 如权利要求9所述的方法,其特征在于,所述数据请求方根据N个密文分片,确定出数据计算结果,包括:The method according to claim 9, wherein the data requester determines the data calculation result according to the N ciphertext fragments, including:
    所述数据请求方通过在椭圆曲线数域上对所述N个密文分片进行数加运算,得到数加运算后的数据结果;The data requester obtains the data result after the numerical addition by performing numerical addition on the N ciphertext fragments on the elliptic curve number field;
    所述数据请求方将所述数加运算后的数据结果与N的比值,确定为所述数据计算结果。The data requester determines the ratio of the data result after the addition operation to N as the data calculation result.
PCT/CN2021/131306 2021-07-30 2021-11-17 Data processing method WO2023005066A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110873970.2A CN113343283B (en) 2021-07-30 2021-07-30 Data processing method
CN202110873970.2 2021-07-30

Publications (1)

Publication Number Publication Date
WO2023005066A1 true WO2023005066A1 (en) 2023-02-02

Family

ID=77480478

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/131306 WO2023005066A1 (en) 2021-07-30 2021-11-17 Data processing method

Country Status (2)

Country Link
CN (1) CN113343283B (en)
WO (1) WO2023005066A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113343283B (en) * 2021-07-30 2021-10-15 深圳前海微众银行股份有限公司 Data processing method
CN114024674A (en) * 2021-11-23 2022-02-08 支付宝(杭州)信息技术有限公司 Method and system for comparing two parties safely
CN115361131B (en) * 2022-10-21 2022-12-13 华控清交信息科技(北京)有限公司 Ciphertext data calculation method and device and electronic equipment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109241016A (en) * 2018-08-14 2019-01-18 阿里巴巴集团控股有限公司 Secure calculation method and device, electronic equipment
CN109255247A (en) * 2018-08-14 2019-01-22 阿里巴巴集团控股有限公司 Secure calculation method and device, electronic equipment
CN109359470A (en) * 2018-08-14 2019-02-19 阿里巴巴集团控股有限公司 Secure calculation method and device, electronic equipment
CN111064579A (en) * 2019-12-11 2020-04-24 北京金汤科技有限公司 Block chain-based secure multi-party computing method, system and storage medium
US20210184831A1 (en) * 2019-12-17 2021-06-17 Microchip Technology Incorporated Obfuscating cryptographic parameters used in elliptical curve cryptography, and related systems and devices
CN113343283A (en) * 2021-07-30 2021-09-03 深圳前海微众银行股份有限公司 Data processing method

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109756442B (en) * 2017-11-01 2020-04-24 清华大学 Data statistics method, device and equipment based on garbled circuit
CN109388960A (en) * 2018-10-24 2019-02-26 全链通有限公司 Information sharing and multi-party computations model based on block chain
CN110998579B (en) * 2019-01-11 2023-08-22 创新先进技术有限公司 Privacy-preserving distributed multi-party security model training framework
CN111931250B (en) * 2019-07-11 2024-03-22 华控清交信息科技(北京)有限公司 Multiparty safe calculation integrated machine
CN112464174B (en) * 2020-10-27 2023-09-29 华控清交信息科技(北京)有限公司 Method and device for verifying multi-party security computing software and device for verification
CN112906044B (en) * 2021-05-10 2021-07-30 腾讯科技(深圳)有限公司 Multi-party security calculation method, device, equipment and storage medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109241016A (en) * 2018-08-14 2019-01-18 阿里巴巴集团控股有限公司 Secure calculation method and device, electronic equipment
CN109255247A (en) * 2018-08-14 2019-01-22 阿里巴巴集团控股有限公司 Secure calculation method and device, electronic equipment
CN109359470A (en) * 2018-08-14 2019-02-19 阿里巴巴集团控股有限公司 Secure calculation method and device, electronic equipment
CN111064579A (en) * 2019-12-11 2020-04-24 北京金汤科技有限公司 Block chain-based secure multi-party computing method, system and storage medium
US20210184831A1 (en) * 2019-12-17 2021-06-17 Microchip Technology Incorporated Obfuscating cryptographic parameters used in elliptical curve cryptography, and related systems and devices
CN113343283A (en) * 2021-07-30 2021-09-03 深圳前海微众银行股份有限公司 Data processing method

Also Published As

Publication number Publication date
CN113343283B (en) 2021-10-15
CN113343283A (en) 2021-09-03

Similar Documents

Publication Publication Date Title
WO2023005066A1 (en) Data processing method
US11677566B2 (en) Systems and methods for signing of a message
US20230087864A1 (en) Secure multi-party computation method and apparatus, device, and storage medium
Pibernik et al. Secure collaborative supply chain planning and inverse optimization–The JELS model
CN110166446B (en) Method for realizing geographical weighted average center based on safe multi-party calculation
CN112087439B (en) Block chain transaction query method, system, computer device and storage medium
CN113708930B (en) Data comparison method, device, equipment and medium for private data
CN111475854A (en) Collaborative computing method and system for protecting data privacy of two parties
US11265166B2 (en) Distributed machine learning via secure multi-party computation and ensemble learning
JP2022531593A (en) Systems and methods for adding and comparing integers encrypted by quasigroup operations in AES counter mode encryption
CN114296922A (en) Multi-party data processing method, system, electronic device and storage medium
CN113591097A (en) Service data processing method and device, electronic equipment and storage medium
CN111917533A (en) Privacy preserving benchmark analysis with leakage reducing interval statistics
CN113434906B (en) Data query method, device, computer equipment and storage medium
CN114884675A (en) Multi-party privacy intersection method, device, equipment and medium based on bit transmission
CN112953700B (en) Method, system and storage medium for improving safe multiparty computing efficiency
Almutairi et al. Secure Third Party Data Clustering Using Data: Multi-User Order Preserving Encryption and Super Secure Chain Distance Matrices (Best Technical Paper)
CN117353912A (en) Three-party privacy set intersection base number calculation method and system based on bilinear mapping
CN116743376A (en) Multiparty secret sharing data privacy comparison method based on efficient ciphertext confusion technology
Xu et al. Verifiable computation with access control in cloud computing
CN114327486B (en) Method, device and medium for realizing multiparty security calculation based on domain-specific language
CN115412364B (en) Method, system and medium for safely solving intersection of multiple parties without third party
CN116566678A (en) Method and system for safely calculating data size relation in multi-party data
CN110837633B (en) Intelligent certificate implementation method and system and readable storage medium
CN116112157A (en) Secure multiparty computing data and value method and system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21951638

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE