WO2023197468A1 - Method for ensuring correct truncation under secret sharing - Google Patents
Method for ensuring correct truncation under secret sharing Download PDFInfo
- Publication number
- WO2023197468A1 WO2023197468A1 PCT/CN2022/103677 CN2022103677W WO2023197468A1 WO 2023197468 A1 WO2023197468 A1 WO 2023197468A1 CN 2022103677 W CN2022103677 W CN 2022103677W WO 2023197468 A1 WO2023197468 A1 WO 2023197468A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- secret sharing
- truncation
- data
- owns
- random number
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 239000012634 fragment Substances 0.000 claims abstract description 20
- 238000004364 calculation method Methods 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000002950 deficient Effects 0.000 description 1
- 230000000717 retained effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Definitions
- the invention relates to the field of computer software, and in particular to a method for ensuring correct Truncation under secret sharing.
- Secure Multi-Party Computation mainly solves the problem of how multiple participants can successfully complete calculations without revealing their inputs to each other.
- Password sharing is one way to implement MPC.
- the original data will exist in the form of shards among all parties, making it impossible for all parties to easily restore the original data.
- x x1+x2+x3; the original data x is divided into three servers: x1, x2, and x3. In this way, no server can restore the original data x.
- addition and multiplication need to be redefined so that the calculation results can be the same as those calculated directly using the original data.
- addition can be defined the same as daily addition, but multiplication is very different from daily multiplication, and many factors need to be considered to ensure its accuracy.
- Truncation is a key step in realizing multiplication under secret sharing, and Truncation means truncation.
- the purpose of the present invention is to overcome the shortcomings of the existing technology and provide a relatively simple method for ensuring correct Truncation under secret sharing that ensures correct local Truncation.
- Step S1 perform secret sharing operation on the original data, including at least two secret sharing parties
- Step S2 one of the secret sharing parties is local Generate at least 1 random number, use the random number to fragment the data it has after the secret sharing operation, and send the fragmented data to other secret sharing parties; among them, when generating random numbers, keep the highest value of each random number bit and the second highest bit are the same
- Step S3 After receiving the fragmented data, other secret sharing parties merge the received fragmented data with the data they have after the original shared secret sharing operation
- Step S4 Each secret sharing party performs local Truncation.
- step S4 when each secret sharing party performs truncation locally, it performs truncation on the total data it owns, and truncates the last k Bit.
- step S1 the secret sharing operation on the original data is performed in an integer ring.
- step S1 when the secret sharing operation is performed on the original data, the int type variable operation is performed on the integer ring.
- step S1 when the secret sharing operation is performed on the original data, the int8 type variable operation is performed on the integer ring.
- the method for ensuring correct Truncation under secret sharing includes the following steps: Step S1: perform a secret sharing operation on the original data x.
- step S4 when P0 and P1 perform local truncation respectively, P0 performs truncation on the total data y0 it owns, and P1 performs truncation on the total data y0 it owns.
- Data y1 is Truncation; its last k bits are truncated.
- step S4 when P0 and P1 perform local truncation respectively, P0 performs truncation on the total data y0 it owns, and P1 performs truncation on the total data y0 it owns.
- Data y1 is Truncation; its last 2 digits are truncated.
- the present invention keeps the highest bit and the second highest bit of the random number the same when using random numbers after a round of password sharing communication, so that the fragmented data of one party can ensure that the highest bit and the second highest bit are the same; In this way, it can be ensured that errors will not occur when the password sharing party performs local truncation; this can ensure that the local truncation is correct; it is an efficient truncation method.
- This embodiment provides a method to ensure correct Truncation under secret sharing.
- the method includes step S1: performing a secret sharing operation on the original data.
- the secret sharing parties include at least 2; among them, the number of secret sharing parties can be determined according to the actual situation. The situation is determined.
- the priority of this embodiment is 2, and when performing secret sharing operation on the original data, it is performed in the integer ring. For example, int type variable operation is performed on the integer ring, in which int8 type variables can be used. Operation, int16 type variable operation, int32 type variable operation, etc.
- step S2 One of the secret sharing parties generates at least 1 random number locally, uses the random number to fragment the data it has after the secret sharing operation, and sends the fragmented data to other secret sharing parties; where, after generating When generating random numbers, keep the highest and second highest bits of each random number the same; and, Step S3: After other secret sharing parties receive the fragmented data, they will compare the received fragmented data with the data they have after the original secret sharing operation. Merge; Step S4: Each secret sharing party performs local Truncation respectively. When each secret sharing party performs local truncation respectively, it truncates the total data it owns and truncates its last k bits. Among them, k can be set according to specific actual needs.
- k 13 digits after the decimal point
- the value of k can also be set according to other needs, and there are no restrictions here.
- one example is:
- Step S1 Perform a secret sharing operation on the original data x.
- Step S2 P0 locally generates a random number r, uses the random number r to fragment the data x0 it owns, and sets r as the new fragment y0; P0 sends x0-r to P1; where, after generating the random number When r, ensure that the highest bit and the second highest bit of r are the same;
- Step S4 P0 and P1 each perform local Truncation.
- step S4 when P0 and P1 each perform local Truncation, P0 performs Truncation on the total data y0 it owns, and P1 performs Truncation on the total data y1 it owns; the last two bits are truncated respectively.
- SecureML adopts the method of directly performing local truncation on sharded data. details as follows:
- int-type variables This involves the representation of int-type variables in computers.
- a variable of type int is an integer, its highest bit is 0; if it is a negative number, its highest bit is 1.
- -1 is represented by 8 bits in the computer, that is, int8, then (11111111) 2 represents -1.
- 1 is represented by int8: (00000001) 2 .
- the present invention keeps the highest bit and the second highest bit of the random number the same when using random numbers, so that the fragmented data of one party can ensure that the highest bit and the second highest bit are the same; in this way, it can be guaranteed When the password sharing party performs local truncation, errors will not occur; this can ensure that the local truncation is correct; it is an efficient truncation method.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
Disclosed in the present invention is a method for ensuring correct Truncation under secret sharing, comprising: S1, performing secret sharing operation on original data, wherein there are at least two secret sharing parties; S2, one secret sharing party locally generating at least one random number, using the random data to fragment data the secret sharing party owns after the secret sharing operation, and sending data fragments to the rest of the secret sharing parties, wherein when generating the random number, the most significant bit and the second most significant bit of each random number are kept the same; S3, after receiving the data fragments, the rest of the secret sharing parties merging the received data fragments with original data the rest of the secret sharing parties own after the secret sharing operation; and S4, the secret sharing parties separately performing local Truncation. The present invention can ensure that Truncation errors do not occur, thereby ensuring correct local Truncation; and the method is an efficient Truncation method.
Description
本发明涉及计算机软件领域,尤其涉及的是一种秘密共享下保证Truncation正确的方法。The invention relates to the field of computer software, and in particular to a method for ensuring correct Truncation under secret sharing.
在安全多方计算(Multi-Party Computation,简称MPC)主要解决多个参与方在不互相透露各自输入的前提下,如何成功完成计算的问题。Secure Multi-Party Computation (MPC) mainly solves the problem of how multiple participants can successfully complete calculations without revealing their inputs to each other.
MPC目前的应用前景越来越广泛,企业、政府、学术机构和个人间的协同业务需求日趋强烈。一个典型的场景是,人工智能迅猛发展的历程中,数据隐私的需求愈加强烈。AI训练所需的数据,在很多商业场景里由于隐私合规性的原因无法获得,导致无法完成训练或者训练效果很差。隐私AI(PrivacyAI)正试图利用MPC来解决AI计算中的隐私保护问题,即如何在AI训练涉及的数据方不直接暴露明文数据的前提下,完成协同训练和协同预测。The current application prospects of MPC are becoming more and more extensive, and the demand for collaborative business among enterprises, governments, academic institutions and individuals is becoming increasingly strong. A typical scenario is that with the rapid development of artificial intelligence, the demand for data privacy has become stronger. The data required for AI training cannot be obtained in many business scenarios due to privacy compliance reasons, resulting in the inability to complete the training or poor training results. Privacy AI (PrivacyAI) is trying to use MPC to solve the privacy protection problem in AI computing, that is, how to complete collaborative training and collaborative prediction without directly exposing the data involved in AI training to plain text data.
密码分享是实现MPC的一种方式。在秘密分享方案下,原始数据会以分片的形式存在于各方,从而使得各方无法轻易还原出原始数据。例如x=x1+x2+x3;原始数据x就分成了x1,x2,x3分别在三台服务器,这样,任何一台服务器都无法还原出原始数据x。Password sharing is one way to implement MPC. Under the secret sharing scheme, the original data will exist in the form of shards among all parties, making it impossible for all parties to easily restore the original data. For example, x=x1+x2+x3; the original data x is divided into three servers: x1, x2, and x3. In this way, no server can restore the original data x.
在秘密分享下,为了实现算数运算,则需要重新定义加法和乘法,从而使得计算结果能和直接用原始数据进行计算的结果相同。其中,加法可以和日常的加法定义成相同,但是乘法则和日常的乘法迥然不同,需要考虑很多因素,才能保证其正确性。Truncation就是实现秘密分享下乘法的一个关键步骤,Truncation即截去。Under secret sharing, in order to implement arithmetic operations, addition and multiplication need to be redefined so that the calculation results can be the same as those calculated directly using the original data. Among them, addition can be defined the same as daily addition, but multiplication is very different from daily multiplication, and many factors need to be considered to ensure its accuracy. Truncation is a key step in realizing multiplication under secret sharing, and Truncation means truncation.
因此,现有技术存在缺陷,需要改进。Therefore, the existing technology is defective and needs improvement.
发明内容Contents of the invention
本发明的目的是克服现有技术的不足,提供一种相对简单,保证本地Truncation正确的秘密共享下保证Truncation正确的方法。The purpose of the present invention is to overcome the shortcomings of the existing technology and provide a relatively simple method for ensuring correct Truncation under secret sharing that ensures correct local Truncation.
本发明的技术方案如下:一种秘密共享下保证Truncation正确的方法,包括如下步骤:步骤S1:对原始数据进行秘密共享运算,秘密共享方至少包括2个;步骤S2:其中一个秘密共享方本地产生至少1个随机数,并采用随机数对其秘密共享运算后拥有的数据进行分片,将分片数据发送给其他秘密共享方;其中,在产生随机数时,保持每一随机数的最高位和次高位相同;步骤S3:其他秘密共享方接受到分片数据后,将收到的分片数据与其原共秘密享运算后拥有的数据进行合并;步骤S4:各秘密共享方分别进行本地Truncation。The technical solution of the present invention is as follows: a method to ensure correct Truncation under secret sharing, including the following steps: Step S1: perform secret sharing operation on the original data, including at least two secret sharing parties; Step S2: one of the secret sharing parties is local Generate at least 1 random number, use the random number to fragment the data it has after the secret sharing operation, and send the fragmented data to other secret sharing parties; among them, when generating random numbers, keep the highest value of each random number bit and the second highest bit are the same; Step S3: After receiving the fragmented data, other secret sharing parties merge the received fragmented data with the data they have after the original shared secret sharing operation; Step S4: Each secret sharing party performs local Truncation.
应用于上述技术方案,所述的秘密共享下保证Truncation正确的方法中,步骤S4中,各秘密共享方分别进行本地进行Truncation时,是分别对其拥有的总数据进行Truncation,截去其最后k位。Applied to the above technical solution, in the method of ensuring correct truncation under secret sharing, in step S4, when each secret sharing party performs truncation locally, it performs truncation on the total data it owns, and truncates the last k Bit.
应用于上述各个技术方案,所述的秘密共享下保证Truncation正确的方法中,步骤S1中,对原始数据进行秘密共享运算时,是在整数环中进行。Applied to each of the above technical solutions, in the method of ensuring correct truncation under secret sharing, in step S1, the secret sharing operation on the original data is performed in an integer ring.
应用于上述各个技术方案,所述的秘密共享下保证Truncation正确的方法中,步骤S1中,对原始数据进行秘密共享运算时,是在整数环上进行int型变量运算。Applied to each of the above technical solutions, in the method of ensuring correct truncation under secret sharing, in step S1, when the secret sharing operation is performed on the original data, the int type variable operation is performed on the integer ring.
应用于上述各个技术方案,所述的秘密共享下保证Truncation正确的方法中,步骤S1中,对原始数据进行秘密共享运算时,是在整数环上进行int8型变量运算。Applied to each of the above technical solutions, in the method of ensuring correct truncation under secret sharing, in step S1, when the secret sharing operation is performed on the original data, the int8 type variable operation is performed on the integer ring.
应用于上述各个技术方案,所述的秘密共享下保证Truncation正确的方法中,包括如下步骤:步骤S1:对原始数据x进行秘密共享运算,秘密共享方包括P0和P1,秘密共享运算后,P0拥有数据x0,P1拥有数据x1,且x0+x1=x;步骤S2:P0本地产生一个随机数r,并采用随机数r对其拥有的数据x0进行分片,并设置r为新的分片y0;P0发送x0-r给P1;其中,在产生随机数r时,保证r的最高位和次高位相同;步骤S3:P1接收P0发送的x0-r,并设置新的分片y1=x1+x0–r;此时,P0拥有y0=r,P1拥有y1=x1+x0–r;并且,y0+y1=x0+x1=x;步骤S4:P0和P1分别进行本地Truncation。Applied to each of the above technical solutions, the method for ensuring correct Truncation under secret sharing includes the following steps: Step S1: perform a secret sharing operation on the original data x. The secret sharing parties include P0 and P1. After the secret sharing operation, P0 Owns data x0, P1 owns data x1, and x0+x1=x; Step S2: P0 locally generates a random number r, and uses the random number r to fragment the data x0 it owns, and sets r as a new fragment. y0; P0 sends x0-r to P1; when generating a random number r, ensure that the highest bit and the second highest bit of r are the same; Step S3: P1 receives x0-r sent by P0 and sets the new fragment y1=x1 +x0–r; At this time, P0 has y0=r, and P1 has y1=x1+x0–r; and, y0+y1=x0+x1=x; Step S4: P0 and P1 perform local truncation respectively.
应用于上述各个技术方案,所述的秘密共享下保证Truncation正确的方法中,步骤S4中,P0和P1分别进行本地Truncation时,P0是对其拥有总数据y0进行Truncation,P1是对其拥有总数据y1进行Truncation;截去其最后k位。Applied to each of the above technical solutions, in the method of ensuring correct truncation under secret sharing, in step S4, when P0 and P1 perform local truncation respectively, P0 performs truncation on the total data y0 it owns, and P1 performs truncation on the total data y0 it owns. Data y1 is Truncation; its last k bits are truncated.
应用于上述各个技术方案,所述的秘密共享下保证Truncation正确的方法中,步骤S4中,P0和P1分别进行本地Truncation时,P0是对其拥有总数据y0进行Truncation,P1是对其拥有总数据y1进行Truncation;截去其最后2位。Applied to each of the above technical solutions, in the method of ensuring correct truncation under secret sharing, in step S4, when P0 and P1 perform local truncation respectively, P0 performs truncation on the total data y0 it owns, and P1 performs truncation on the total data y0 it owns. Data y1 is Truncation; its last 2 digits are truncated.
采用上述方案,本发明通过在经过一轮密码共享通讯后,采用随机数时,保持随机数的最高位和次高位相同,这样就能使得一方的分片数据能保证最高位和次高位相同;如此,可以保证密码共享方在进行本地Truncation时,错误的情况不发生;这样就能保证本地Truncation正确;是一种高效的Truncation方法。Using the above solution, the present invention keeps the highest bit and the second highest bit of the random number the same when using random numbers after a round of password sharing communication, so that the fragmented data of one party can ensure that the highest bit and the second highest bit are the same; In this way, it can be ensured that errors will not occur when the password sharing party performs local truncation; this can ensure that the local truncation is correct; it is an efficient truncation method.
下面将对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The technical solutions in the embodiments of the present invention will be described clearly and completely below. Obviously, the described embodiments are only some of the embodiments of the present invention, rather than all the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without making creative efforts fall within the scope of protection of the present invention.
本实施例提供了一种秘密共享下保证Truncation正确的方法,其中,该方法包括步骤S1:对原始数据进行秘密共享运算,秘密共享方至少包括2个;其中,秘密共享方的数量可以根据实际情况确定,本实施例优先的为2个,并且,对原始数据进行秘密共享运算时,是在整数环中进行,例如,是在整数环上进 行int型变量运算,其中可以用采用int8型变量运算、int16型变量运算、int32型变量运算等.This embodiment provides a method to ensure correct Truncation under secret sharing. The method includes step S1: performing a secret sharing operation on the original data. The secret sharing parties include at least 2; among them, the number of secret sharing parties can be determined according to the actual situation. The situation is determined. The priority of this embodiment is 2, and when performing secret sharing operation on the original data, it is performed in the integer ring. For example, int type variable operation is performed on the integer ring, in which int8 type variables can be used. Operation, int16 type variable operation, int32 type variable operation, etc.
并且,步骤S2:其中一个秘密共享方本地产生至少1个随机数,并采用随机数对其秘密共享运算后拥有的数据进行分片,将分片数据发送给其他秘密共享方;其中,在产生随机数时,保持每一随机数的最高位和次高位相同;并且,步骤S3:其他秘密共享方接受到分片数据后,将收到的分片数据与其原秘密共享运算后拥有的数据进行合并;步骤S4:各秘密共享方分别进行本地进行Truncation。各秘密共享方分别进行本地Truncation时,是分别对其拥有的总数据进行Truncation,截去其最后k位,其中,k可以根据具体实际需要设定,具体是可以在进行多方计算之前,就设置好这个值,例如,根据数据需要保留的精度设置k的数值,比如保留小数点后13位,那么这个k=13,k的数值设定还可以根据其他需要设定,此处不做任何限定。And, step S2: One of the secret sharing parties generates at least 1 random number locally, uses the random number to fragment the data it has after the secret sharing operation, and sends the fragmented data to other secret sharing parties; where, after generating When generating random numbers, keep the highest and second highest bits of each random number the same; and, Step S3: After other secret sharing parties receive the fragmented data, they will compare the received fragmented data with the data they have after the original secret sharing operation. Merge; Step S4: Each secret sharing party performs local Truncation respectively. When each secret sharing party performs local truncation respectively, it truncates the total data it owns and truncates its last k bits. Among them, k can be set according to specific actual needs. Specifically, it can be set before performing multi-party calculations. To set this value, for example, set the value of k according to the precision that the data needs to be retained, such as retaining 13 digits after the decimal point, then k = 13. The value of k can also be set according to other needs, and there are no restrictions here.
例如,一个实施例是:For example, one example is:
步骤S1:对原始数据x进行秘密共享运算,秘密共享方包括P0和P1,秘密共享运算后,P0拥有数据x0,P1拥有数据x1,且x0+x1=x;Step S1: Perform a secret sharing operation on the original data x. The secret sharing parties include P0 and P1. After the secret sharing operation, P0 owns the data x0, P1 owns the data x1, and x0+x1=x;
步骤S2:P0本地产生一个随机数r,并采用随机数r对其拥有的数据x0进行分片,并设置r为新的分片y0;P0发送x0-r给P1;其中,在产生随机数r时,保证r的最高位和次高位相同;Step S2: P0 locally generates a random number r, uses the random number r to fragment the data x0 it owns, and sets r as the new fragment y0; P0 sends x0-r to P1; where, after generating the random number When r, ensure that the highest bit and the second highest bit of r are the same;
步骤S3:P1接收P0发送的x0-r,并设置新的分片y1=x1+x0–r;此时,P0拥有y0=r,P1拥有y1=x1+x0–r;并且,y0+y1=x0+x1=x;Step S3: P1 receives x0-r sent by P0, and sets the new fragment y1=x1+x0–r; at this time, P0 owns y0=r, P1 owns y1=x1+x0–r; and, y0+y1 =x0+x1=x;
步骤S4:P0和P1各自分别进行本地Truncation。Step S4: P0 and P1 each perform local Truncation.
并且,步骤S4中,P0和P1各自分别进行本地Truncation时,P0是对其拥有总数据y0进行Truncation,P1是对其拥有总数据y1进行Truncation;分别截去其最后2位。Moreover, in step S4, when P0 and P1 each perform local Truncation, P0 performs Truncation on the total data y0 it owns, and P1 performs Truncation on the total data y1 it owns; the last two bits are truncated respectively.
具体举例:Specific examples:
例如,SecureML采用了直接对分片的数据进行本地Truncation的方法。具体如下:For example, SecureML adopts the method of directly performing local truncation on sharded data. details as follows:
原始数据x;original data x;
对x进行分片:x1=x+r,x2=-r,其中r是随机数。Slice x: x1=x+r, x2=-r, where r is a random number.
本地Truncation:1.截断x1的最低k位。2.截断x2的最低k位。Local Truncation: 1. Truncate the lowest k bits of x1. 2. Truncate the lowest k bits of x2.
正确性:大多数情况下,Truncation的错误不会发生,比如:x=1000,x1=1500,x2=-500;如果本地Truncation数据的后2位,则x1->15,x2->-5,x1+x2=10,正好是原先的数据x截断后两位的结果。Correctness: In most cases, Truncation errors will not occur, for example: x=1000, x1=1500, x2=-500; if the last 2 digits of the local Truncation data are, x1->15, x2->-5 , x1+x2=10, which is exactly the result of truncating the last two digits of the original data x.
错误的产生:Error occurs:
此处涉及到计算机中,int型变量的表示。计算机中,int类型的变量,如果是整数,则其最高位为0;如果是负数,则其最高位为1。例如-1如果在计算机中用8位来表示,即int8,则(11111111)
2就表示-1。1用int8表示:(00000001)
2。
This involves the representation of int-type variables in computers. In computers, if a variable of type int is an integer, its highest bit is 0; if it is a negative number, its highest bit is 1. For example, if -1 is represented by 8 bits in the computer, that is, int8, then (11111111) 2 represents -1. 1 is represented by int8: (00000001) 2 .
下面举个例子,证明本地Truncation会引发错误。The following is an example to prove that local Truncation will cause errors.
x=(00011101)
2;
x=(00011101) 2 ;
x1=x+r,x2=-r,令r=(01110000)
2;
x1=x+r, x2=-r, let r=(01110000) 2 ;
此时,x1=x+r=(10001101)
2,x2=-r=(10010000)
2;
At this time, x1=x+r=(10001101) 2 , x2=-r=(10010000) 2 ;
所以截断数据后两位:x1->(11100011)
2,x2->(11100100)
2,x1+x2=(10000111)
2;
Therefore, the last two digits of the data are truncated: x1->(11100011) 2 , x2->(11100100) 2 , x1+x2=(10000111) 2 ;
而x截断数据后两位:x->(00000111)
2;
And x truncates the last two digits of the data: x->(00000111) 2 ;
x!=x1+x2;x! =x1+x2;
因此发生错误。Hence the error occurs.
即,当MSB(x)!=MSB(x1)=MSB(x2)时,其中,MSB为最高有效位;会引发truncation错误。That is, when MSB(x)! =MSB(x1)=MSB(x2), where MSB is the most significant bit; a truncation error will occur.
如此,保证了r在整数环的最高位和次高位相同时,就能保证MSB(x)!=MSB(x1)=MSB(x2)的情况不发生。这样就能保证本地Truncation正确。In this way, it is guaranteed that when the highest bit and the second highest bit of r are the same in the integer ring, MSB(x) can be guaranteed! =MSB(x1)=MSB(x2) does not occur. This ensures that the local Truncation is correct.
本发明通过在经过一轮密码共享通讯后,采用随机数时,保持随机数的最高位和次高位相同,这样就能使得一方的分片数据能保证最高位和次高位相同;如此,可以保证密码共享方在进行本地Truncation时,错误的情况不发生;这样就能保证本地Truncation正确;是一种高效的Truncation方法。After a round of password sharing communication, the present invention keeps the highest bit and the second highest bit of the random number the same when using random numbers, so that the fragmented data of one party can ensure that the highest bit and the second highest bit are the same; in this way, it can be guaranteed When the password sharing party performs local truncation, errors will not occur; this can ensure that the local truncation is correct; it is an efficient truncation method.
Claims (9)
- 一种秘密共享下保证Truncation正确的方法,其特征在于,包括如下步骤:A method to ensure correct Truncation under secret sharing is characterized by including the following steps:步骤S1:对原始数据进行秘密共享运算,秘密共享方至少包括2个;Step S1: Perform secret sharing operation on the original data, including at least 2 secret sharing parties;步骤S2:其中一个秘密共享方本地产生至少1个随机数,并采用随机数对其秘密共享运算后拥有的数据进行分片,将分片数据发送给其他秘密共享方;其中,在产生随机数时,保持每一随机数的最高位和次高位相同;Step S2: One of the secret sharing parties locally generates at least 1 random number, uses the random number to fragment the data it has after the secret sharing operation, and sends the fragmented data to other secret sharing parties; where, after generating the random number When , keep the highest and second highest bits of each random number the same;步骤S3:其他秘密共享方接受到分片数据后,将收到的分片数据与其秘密共享运算后拥有的数据进行合并;Step S3: After receiving the fragmented data, other secret sharing parties merge the received fragmented data with the data they have after the secret sharing operation;步骤S4:各秘密共享方分别进行本地Truncation。Step S4: Each secret sharing party performs local Truncation respectively.
- 根据权利要求1所述的秘密共享下保证Truncation正确的方法,其特征在于:步骤S4中,各秘密共享方分别进行本地进行Truncation时,是分别对其拥有的总数据进行Truncation,截去其最后k位。The method of ensuring correct truncation under secret sharing according to claim 1, characterized in that: in step S4, when each secret sharing party performs truncation locally, it performs truncation on the total data it owns, and truncates the last part of the data. k bit.
- 根据权利要求2所述的秘密共享下保证Truncation正确的方法,其特征在于:步骤S1中,对原始数据进行秘密共享运算时,是在整数环中进行。The method of ensuring correct truncation under secret sharing according to claim 2, characterized in that: in step S1, when the secret sharing operation is performed on the original data, it is performed in an integer ring.
- 根据权利要求3所述的秘密共享下保证Truncation正确的方法,其特征在于:步骤S1中,对原始数据进行秘密共享运算时,是在整数环上进行int型变量运算。The method of ensuring correct Truncation under secret sharing according to claim 3, characterized in that: in step S1, when performing secret sharing operation on the original data, int type variable operation is performed on an integer ring.
- 根据权利要求4所述的秘密共享下保证Truncation正确的方法,其特征在于:步骤S1中,对原始数据进行秘密共享运算时,是在整数环上进行int8型变量运算。The method of ensuring correct truncation under secret sharing according to claim 4, characterized in that: in step S1, when performing secret sharing operation on the original data, int8 type variable operation is performed on the integer ring.
- 根据权利要求1所述的秘密共享下保证Truncation正确的方法,其特征在于,包括如下步骤:The method for ensuring correct truncation under secret sharing according to claim 1, characterized in that it includes the following steps:步骤S1:对原始数据x进行秘密共享运算,秘密共享方包括P0和P1,秘密共享运算后,P0拥有数据x0,P1拥有数据x1,且x0+x1=x;Step S1: Perform a secret sharing operation on the original data x. The secret sharing parties include P0 and P1. After the secret sharing operation, P0 owns the data x0, P1 owns the data x1, and x0+x1=x;步骤S2:P0本地产生一个随机数r,并采用随机数r对其拥有的数据x0进行分片,并设置r为新的分片y0;P0发送x0-r给P1;其中,在产生随机数r时,保证r的最高位和次高位相同;Step S2: P0 locally generates a random number r, uses the random number r to fragment the data x0 it owns, and sets r as the new fragment y0; P0 sends x0-r to P1; where, after generating the random number When r, ensure that the highest bit and the second highest bit of r are the same;步骤S3:P1接收P0发送的x0-r,并设置新的分片y1=x1+x0–r;此时,P0拥有y0=r,P1拥有y1=x1+x0–r;并且,y0+y1=x0+x1=x;Step S3: P1 receives x0-r sent by P0, and sets the new fragment y1=x1+x0–r; at this time, P0 owns y0=r, P1 owns y1=x1+x0–r; and, y0+y1 =x0+x1=x;步骤S4:P0和P1分别进行本地Truncation。Step S4: P0 and P1 perform local truncation respectively.
- 根据权利要求6所述的秘密共享下保证Truncation正确的方法,其特征在于:步骤S4中,P0和P1分别进行本地Truncation时,P0是对其拥有的总数据y0进行Truncation,P1是对其拥有的总数据y1进行Truncation;截去其最后k位。The method of ensuring correct truncation under secret sharing according to claim 6, characterized in that: in step S4, when P0 and P1 perform local truncation respectively, P0 performs truncation on the total data y0 it owns, and P1 performs truncation on the total data y0 it owns. Truncation is performed on the total data y1; its last k bits are truncated.
- 根据权利要求7所述的秘密共享下保证Truncation正确的方法,其特征在于:步骤S4中,P0和P1分别进行本地Truncation时,P0是对其拥有的 总数据y0进行Truncation,P1是对其拥有的总数据y1进行Truncation;截去其最后2位。The method of ensuring correct truncation under secret sharing according to claim 7, characterized in that: in step S4, when P0 and P1 perform local truncation respectively, P0 performs truncation on the total data y0 it owns, and P1 performs truncation on the total data y0 it owns. Truncation is performed on the total data y1; its last 2 digits are truncated.
- 一种秘密共享下保证Truncation正确的方法,其特征在于,包括如下步骤:A method to ensure correct Truncation under secret sharing is characterized by including the following steps:步骤S1:对原始数据进行秘密共享运算,秘密共享方至少包括2个;Step S1: Perform secret sharing operation on the original data, including at least 2 secret sharing parties;步骤S2:其中一个秘密共享方本地产生至少1个随机数,并采用随机数对其秘密共享运算后拥有的数据进行分片,将分片数据发送给其他秘密共享方;其中,在产生随机数时,保持每一随机数的最高位和次高位相同;Step S2: One of the secret sharing parties locally generates at least 1 random number, uses the random number to fragment the data it has after the secret sharing operation, and sends the fragmented data to other secret sharing parties; where, after generating the random number When , keep the highest and second highest bits of each random number the same;步骤S3:其他秘密共享方接受到分片数据后,将收到的分片数据与其秘密共享运算后拥有的数据进行合并;Step S3: After receiving the fragmented data, other secret sharing parties merge the received fragmented data with the data they have after the secret sharing operation;步骤S4:各秘密共享方分别进行本地Truncation;Step S4: Each secret sharing party performs local Truncation respectively;步骤S4中,各秘密共享方分别进行本地进行Truncation时,是分别对其拥有的总数据进行Truncation,截去其最后k位;In step S4, when each secret sharing party performs local truncation respectively, it performs truncation on the total data it owns and truncates its last k bits;步骤S1中,对原始数据进行秘密共享运算时,是在整数环中进行;In step S1, when the secret sharing operation is performed on the original data, it is performed in the integer ring;步骤S1中,对原始数据进行秘密共享运算时,是在整数环上进行int型变量运算;In step S1, when performing secret sharing operation on the original data, int type variable operation is performed on the integer ring;步骤S1中,对原始数据进行秘密共享运算时,是在整数环上进行int8型变量运算;In step S1, when the secret sharing operation is performed on the original data, the int8 type variable operation is performed on the integer ring;所述秘密共享下保证Truncation正确的方法具体包括如下步骤:The method to ensure correct truncation under secret sharing specifically includes the following steps:步骤S1:对原始数据x进行秘密共享运算,秘密共享方包括P0和P1,秘密共享运算后,P0拥有数据x0,P1拥有数据x1,且x0+x1=x;Step S1: Perform a secret sharing operation on the original data x. The secret sharing parties include P0 and P1. After the secret sharing operation, P0 owns the data x0, P1 owns the data x1, and x0+x1=x;步骤S2:P0本地产生一个随机数r,并采用随机数r对其拥有的数据x0进行分片,并设置r为新的分片y0;P0发送x0-r给P1;其中,在产生随机数r时,保证r的最高位和次高位相同;Step S2: P0 locally generates a random number r, uses the random number r to fragment the data x0 it owns, and sets r as the new fragment y0; P0 sends x0-r to P1; where, after generating the random number When r, ensure that the highest bit and the second highest bit of r are the same;步骤S3:P1接收P0发送的x0-r,并设置新的分片y1=x1+x0–r;此时,P0拥有y0=r,P1拥有y1=x1+x0–r;并且,y0+y1=x0+x1=x;Step S3: P1 receives x0-r sent by P0, and sets the new fragment y1=x1+x0–r; at this time, P0 owns y0=r, P1 owns y1=x1+x0–r; and, y0+y1 =x0+x1=x;步骤S4:P0和P1分别进行本地Truncation;Step S4: P0 and P1 perform local truncation respectively;步骤S4中,P0和P1分别进行本地Truncation时,P0是对其拥有的总数据y0进行Truncation,P1是对其拥有的总数据y1进行Truncation;截去其最后k位;In step S4, when P0 and P1 perform local Truncation respectively, P0 performs Truncation on the total data y0 it owns, and P1 performs Truncation on the total data y1 it owns; the last k bits are truncated;步骤S4中,P0和P1分别进行本地Truncation时,P0是对其拥有的总数据y0进行Truncation,P1是对其拥有的总数据y1进行Truncation;截去其最后2位。In step S4, when P0 and P1 perform local truncation respectively, P0 performs truncation on the total data y0 it owns, and P1 performs truncation on the total data y1 it owns; the last two digits are truncated.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210391478.6A CN114866233A (en) | 2022-04-14 | 2022-04-14 | Method for ensuring correct trunk under secret sharing |
CN202210391478.6 | 2022-04-14 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2023197468A1 true WO2023197468A1 (en) | 2023-10-19 |
Family
ID=82632273
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2022/103677 WO2023197468A1 (en) | 2022-04-14 | 2022-07-04 | Method for ensuring correct truncation under secret sharing |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN114866233A (en) |
WO (1) | WO2023197468A1 (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019158209A1 (en) * | 2018-02-16 | 2019-08-22 | Ecole polytechnique fédérale de Lausanne (EPFL) | Methods and systems for secure data exchange |
CN110198213A (en) * | 2019-04-01 | 2019-09-03 | 上海能链众合科技有限公司 | A kind of system based on privacy sharing random number common recognition algorithm |
-
2022
- 2022-04-14 CN CN202210391478.6A patent/CN114866233A/en not_active Withdrawn
- 2022-07-04 WO PCT/CN2022/103677 patent/WO2023197468A1/en unknown
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019158209A1 (en) * | 2018-02-16 | 2019-08-22 | Ecole polytechnique fédérale de Lausanne (EPFL) | Methods and systems for secure data exchange |
CN110198213A (en) * | 2019-04-01 | 2019-09-03 | 上海能链众合科技有限公司 | A kind of system based on privacy sharing random number common recognition algorithm |
Also Published As
Publication number | Publication date |
---|---|
CN114866233A (en) | 2022-08-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11601439B2 (en) | Verifiable outsourced ledgers | |
WO2021068444A1 (en) | Data processing method and device, computer apparatus, and storage medium | |
US10608811B2 (en) | Private set intersection encryption techniques | |
WO2015080896A1 (en) | Server-aided private set intersection (psi) with data transfer | |
WO2021237437A1 (en) | Data processing method and apparatus employing secure multi-party computation, and electronic device | |
CN113065162B (en) | Method and device for processing private data in shared form | |
US20230283461A1 (en) | Method, device, and storage medium for determining extremum based on secure multi-party computation | |
CN116506124B (en) | Multiparty privacy exchange system and method | |
CN112769542B (en) | Multiplication triple generation method, device, equipment and medium based on elliptic curve | |
WO2023040427A1 (en) | Method and apparatus for implementing privacy amplification in quantum key distribution | |
Shen et al. | ABNN2: secure two-party arbitrary-bitwidth quantized neural network predictions | |
CN116743713B (en) | Remote online paperless conference method and device based on Internet of things | |
WO2024051864A1 (en) | Method for optimizing constant round secure multi-party computation protocol | |
WO2023197468A1 (en) | Method for ensuring correct truncation under secret sharing | |
CN116743376A (en) | Multiparty secret sharing data privacy comparison method based on efficient ciphertext confusion technology | |
CN117675270A (en) | Multi-mode data encryption transmission method and system for longitudinal federal learning | |
CN115587382B (en) | Fully-encrypted data processing method, device, equipment and medium | |
WO2023221350A1 (en) | Blockchain-based code copyright registration system, method and platform | |
RU2686818C1 (en) | Method for scaling distributed information system | |
CN114844635A (en) | Method for safely carrying out Shuffle on data | |
CN114567448A (en) | Collaborative signature method and collaborative signature system | |
Li et al. | [Retracted] Hardware Optimization and System Design of Elliptic Curve Encryption Algorithm Based on FPGA | |
Pathak et al. | Tri-TTP based architecture for secure multi-party computations using virtual parties | |
CN111030823A (en) | Ultra-lightweight multi-signature data processing method and system and Internet of things platform | |
CN116055049B (en) | Multiparty secure computing method, device, system, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 22937106 Country of ref document: EP Kind code of ref document: A1 |