WO2023197468A1 - Method for ensuring correct truncation under secret sharing - Google Patents

Method for ensuring correct truncation under secret sharing Download PDF

Info

Publication number
WO2023197468A1
WO2023197468A1 PCT/CN2022/103677 CN2022103677W WO2023197468A1 WO 2023197468 A1 WO2023197468 A1 WO 2023197468A1 CN 2022103677 W CN2022103677 W CN 2022103677W WO 2023197468 A1 WO2023197468 A1 WO 2023197468A1
Authority
WO
WIPO (PCT)
Prior art keywords
secret sharing
truncation
data
owns
random number
Prior art date
Application number
PCT/CN2022/103677
Other languages
French (fr)
Chinese (zh)
Inventor
杜吉锋
谢翔
李升林
孙立林
Original Assignee
上海阵方科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 上海阵方科技有限公司 filed Critical 上海阵方科技有限公司
Publication of WO2023197468A1 publication Critical patent/WO2023197468A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Definitions

  • the invention relates to the field of computer software, and in particular to a method for ensuring correct Truncation under secret sharing.
  • Secure Multi-Party Computation mainly solves the problem of how multiple participants can successfully complete calculations without revealing their inputs to each other.
  • Password sharing is one way to implement MPC.
  • the original data will exist in the form of shards among all parties, making it impossible for all parties to easily restore the original data.
  • x x1+x2+x3; the original data x is divided into three servers: x1, x2, and x3. In this way, no server can restore the original data x.
  • addition and multiplication need to be redefined so that the calculation results can be the same as those calculated directly using the original data.
  • addition can be defined the same as daily addition, but multiplication is very different from daily multiplication, and many factors need to be considered to ensure its accuracy.
  • Truncation is a key step in realizing multiplication under secret sharing, and Truncation means truncation.
  • the purpose of the present invention is to overcome the shortcomings of the existing technology and provide a relatively simple method for ensuring correct Truncation under secret sharing that ensures correct local Truncation.
  • Step S1 perform secret sharing operation on the original data, including at least two secret sharing parties
  • Step S2 one of the secret sharing parties is local Generate at least 1 random number, use the random number to fragment the data it has after the secret sharing operation, and send the fragmented data to other secret sharing parties; among them, when generating random numbers, keep the highest value of each random number bit and the second highest bit are the same
  • Step S3 After receiving the fragmented data, other secret sharing parties merge the received fragmented data with the data they have after the original shared secret sharing operation
  • Step S4 Each secret sharing party performs local Truncation.
  • step S4 when each secret sharing party performs truncation locally, it performs truncation on the total data it owns, and truncates the last k Bit.
  • step S1 the secret sharing operation on the original data is performed in an integer ring.
  • step S1 when the secret sharing operation is performed on the original data, the int type variable operation is performed on the integer ring.
  • step S1 when the secret sharing operation is performed on the original data, the int8 type variable operation is performed on the integer ring.
  • the method for ensuring correct Truncation under secret sharing includes the following steps: Step S1: perform a secret sharing operation on the original data x.
  • step S4 when P0 and P1 perform local truncation respectively, P0 performs truncation on the total data y0 it owns, and P1 performs truncation on the total data y0 it owns.
  • Data y1 is Truncation; its last k bits are truncated.
  • step S4 when P0 and P1 perform local truncation respectively, P0 performs truncation on the total data y0 it owns, and P1 performs truncation on the total data y0 it owns.
  • Data y1 is Truncation; its last 2 digits are truncated.
  • the present invention keeps the highest bit and the second highest bit of the random number the same when using random numbers after a round of password sharing communication, so that the fragmented data of one party can ensure that the highest bit and the second highest bit are the same; In this way, it can be ensured that errors will not occur when the password sharing party performs local truncation; this can ensure that the local truncation is correct; it is an efficient truncation method.
  • This embodiment provides a method to ensure correct Truncation under secret sharing.
  • the method includes step S1: performing a secret sharing operation on the original data.
  • the secret sharing parties include at least 2; among them, the number of secret sharing parties can be determined according to the actual situation. The situation is determined.
  • the priority of this embodiment is 2, and when performing secret sharing operation on the original data, it is performed in the integer ring. For example, int type variable operation is performed on the integer ring, in which int8 type variables can be used. Operation, int16 type variable operation, int32 type variable operation, etc.
  • step S2 One of the secret sharing parties generates at least 1 random number locally, uses the random number to fragment the data it has after the secret sharing operation, and sends the fragmented data to other secret sharing parties; where, after generating When generating random numbers, keep the highest and second highest bits of each random number the same; and, Step S3: After other secret sharing parties receive the fragmented data, they will compare the received fragmented data with the data they have after the original secret sharing operation. Merge; Step S4: Each secret sharing party performs local Truncation respectively. When each secret sharing party performs local truncation respectively, it truncates the total data it owns and truncates its last k bits. Among them, k can be set according to specific actual needs.
  • k 13 digits after the decimal point
  • the value of k can also be set according to other needs, and there are no restrictions here.
  • one example is:
  • Step S1 Perform a secret sharing operation on the original data x.
  • Step S2 P0 locally generates a random number r, uses the random number r to fragment the data x0 it owns, and sets r as the new fragment y0; P0 sends x0-r to P1; where, after generating the random number When r, ensure that the highest bit and the second highest bit of r are the same;
  • Step S4 P0 and P1 each perform local Truncation.
  • step S4 when P0 and P1 each perform local Truncation, P0 performs Truncation on the total data y0 it owns, and P1 performs Truncation on the total data y1 it owns; the last two bits are truncated respectively.
  • SecureML adopts the method of directly performing local truncation on sharded data. details as follows:
  • int-type variables This involves the representation of int-type variables in computers.
  • a variable of type int is an integer, its highest bit is 0; if it is a negative number, its highest bit is 1.
  • -1 is represented by 8 bits in the computer, that is, int8, then (11111111) 2 represents -1.
  • 1 is represented by int8: (00000001) 2 .
  • the present invention keeps the highest bit and the second highest bit of the random number the same when using random numbers, so that the fragmented data of one party can ensure that the highest bit and the second highest bit are the same; in this way, it can be guaranteed When the password sharing party performs local truncation, errors will not occur; this can ensure that the local truncation is correct; it is an efficient truncation method.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed in the present invention is a method for ensuring correct Truncation under secret sharing, comprising: S1, performing secret sharing operation on original data, wherein there are at least two secret sharing parties; S2, one secret sharing party locally generating at least one random number, using the random data to fragment data the secret sharing party owns after the secret sharing operation, and sending data fragments to the rest of the secret sharing parties, wherein when generating the random number, the most significant bit and the second most significant bit of each random number are kept the same; S3, after receiving the data fragments, the rest of the secret sharing parties merging the received data fragments with original data the rest of the secret sharing parties own after the secret sharing operation; and S4, the secret sharing parties separately performing local Truncation. The present invention can ensure that Truncation errors do not occur, thereby ensuring correct local Truncation; and the method is an efficient Truncation method.

Description

一种秘密共享下保证Truncation正确的方法A method to ensure correct Truncation under secret sharing 技术领域Technical field
本发明涉及计算机软件领域,尤其涉及的是一种秘密共享下保证Truncation正确的方法。The invention relates to the field of computer software, and in particular to a method for ensuring correct Truncation under secret sharing.
背景技术Background technique
在安全多方计算(Multi-Party Computation,简称MPC)主要解决多个参与方在不互相透露各自输入的前提下,如何成功完成计算的问题。Secure Multi-Party Computation (MPC) mainly solves the problem of how multiple participants can successfully complete calculations without revealing their inputs to each other.
MPC目前的应用前景越来越广泛,企业、政府、学术机构和个人间的协同业务需求日趋强烈。一个典型的场景是,人工智能迅猛发展的历程中,数据隐私的需求愈加强烈。AI训练所需的数据,在很多商业场景里由于隐私合规性的原因无法获得,导致无法完成训练或者训练效果很差。隐私AI(PrivacyAI)正试图利用MPC来解决AI计算中的隐私保护问题,即如何在AI训练涉及的数据方不直接暴露明文数据的前提下,完成协同训练和协同预测。The current application prospects of MPC are becoming more and more extensive, and the demand for collaborative business among enterprises, governments, academic institutions and individuals is becoming increasingly strong. A typical scenario is that with the rapid development of artificial intelligence, the demand for data privacy has become stronger. The data required for AI training cannot be obtained in many business scenarios due to privacy compliance reasons, resulting in the inability to complete the training or poor training results. Privacy AI (PrivacyAI) is trying to use MPC to solve the privacy protection problem in AI computing, that is, how to complete collaborative training and collaborative prediction without directly exposing the data involved in AI training to plain text data.
密码分享是实现MPC的一种方式。在秘密分享方案下,原始数据会以分片的形式存在于各方,从而使得各方无法轻易还原出原始数据。例如x=x1+x2+x3;原始数据x就分成了x1,x2,x3分别在三台服务器,这样,任何一台服务器都无法还原出原始数据x。Password sharing is one way to implement MPC. Under the secret sharing scheme, the original data will exist in the form of shards among all parties, making it impossible for all parties to easily restore the original data. For example, x=x1+x2+x3; the original data x is divided into three servers: x1, x2, and x3. In this way, no server can restore the original data x.
在秘密分享下,为了实现算数运算,则需要重新定义加法和乘法,从而使得计算结果能和直接用原始数据进行计算的结果相同。其中,加法可以和日常的加法定义成相同,但是乘法则和日常的乘法迥然不同,需要考虑很多因素,才能保证其正确性。Truncation就是实现秘密分享下乘法的一个关键步骤,Truncation即截去。Under secret sharing, in order to implement arithmetic operations, addition and multiplication need to be redefined so that the calculation results can be the same as those calculated directly using the original data. Among them, addition can be defined the same as daily addition, but multiplication is very different from daily multiplication, and many factors need to be considered to ensure its accuracy. Truncation is a key step in realizing multiplication under secret sharing, and Truncation means truncation.
因此,现有技术存在缺陷,需要改进。Therefore, the existing technology is defective and needs improvement.
发明内容Contents of the invention
本发明的目的是克服现有技术的不足,提供一种相对简单,保证本地Truncation正确的秘密共享下保证Truncation正确的方法。The purpose of the present invention is to overcome the shortcomings of the existing technology and provide a relatively simple method for ensuring correct Truncation under secret sharing that ensures correct local Truncation.
本发明的技术方案如下:一种秘密共享下保证Truncation正确的方法,包括如下步骤:步骤S1:对原始数据进行秘密共享运算,秘密共享方至少包括2个;步骤S2:其中一个秘密共享方本地产生至少1个随机数,并采用随机数对其秘密共享运算后拥有的数据进行分片,将分片数据发送给其他秘密共享方;其中,在产生随机数时,保持每一随机数的最高位和次高位相同;步骤S3:其他秘密共享方接受到分片数据后,将收到的分片数据与其原共秘密享运算后拥有的数据进行合并;步骤S4:各秘密共享方分别进行本地Truncation。The technical solution of the present invention is as follows: a method to ensure correct Truncation under secret sharing, including the following steps: Step S1: perform secret sharing operation on the original data, including at least two secret sharing parties; Step S2: one of the secret sharing parties is local Generate at least 1 random number, use the random number to fragment the data it has after the secret sharing operation, and send the fragmented data to other secret sharing parties; among them, when generating random numbers, keep the highest value of each random number bit and the second highest bit are the same; Step S3: After receiving the fragmented data, other secret sharing parties merge the received fragmented data with the data they have after the original shared secret sharing operation; Step S4: Each secret sharing party performs local Truncation.
应用于上述技术方案,所述的秘密共享下保证Truncation正确的方法中,步骤S4中,各秘密共享方分别进行本地进行Truncation时,是分别对其拥有的总数据进行Truncation,截去其最后k位。Applied to the above technical solution, in the method of ensuring correct truncation under secret sharing, in step S4, when each secret sharing party performs truncation locally, it performs truncation on the total data it owns, and truncates the last k Bit.
应用于上述各个技术方案,所述的秘密共享下保证Truncation正确的方法中,步骤S1中,对原始数据进行秘密共享运算时,是在整数环中进行。Applied to each of the above technical solutions, in the method of ensuring correct truncation under secret sharing, in step S1, the secret sharing operation on the original data is performed in an integer ring.
应用于上述各个技术方案,所述的秘密共享下保证Truncation正确的方法中,步骤S1中,对原始数据进行秘密共享运算时,是在整数环上进行int型变量运算。Applied to each of the above technical solutions, in the method of ensuring correct truncation under secret sharing, in step S1, when the secret sharing operation is performed on the original data, the int type variable operation is performed on the integer ring.
应用于上述各个技术方案,所述的秘密共享下保证Truncation正确的方法中,步骤S1中,对原始数据进行秘密共享运算时,是在整数环上进行int8型变量运算。Applied to each of the above technical solutions, in the method of ensuring correct truncation under secret sharing, in step S1, when the secret sharing operation is performed on the original data, the int8 type variable operation is performed on the integer ring.
应用于上述各个技术方案,所述的秘密共享下保证Truncation正确的方法中,包括如下步骤:步骤S1:对原始数据x进行秘密共享运算,秘密共享方包括P0和P1,秘密共享运算后,P0拥有数据x0,P1拥有数据x1,且x0+x1=x;步骤S2:P0本地产生一个随机数r,并采用随机数r对其拥有的数据x0进行分片,并设置r为新的分片y0;P0发送x0-r给P1;其中,在产生随机数r时,保证r的最高位和次高位相同;步骤S3:P1接收P0发送的x0-r,并设置新的分片y1=x1+x0–r;此时,P0拥有y0=r,P1拥有y1=x1+x0–r;并且,y0+y1=x0+x1=x;步骤S4:P0和P1分别进行本地Truncation。Applied to each of the above technical solutions, the method for ensuring correct Truncation under secret sharing includes the following steps: Step S1: perform a secret sharing operation on the original data x. The secret sharing parties include P0 and P1. After the secret sharing operation, P0 Owns data x0, P1 owns data x1, and x0+x1=x; Step S2: P0 locally generates a random number r, and uses the random number r to fragment the data x0 it owns, and sets r as a new fragment. y0; P0 sends x0-r to P1; when generating a random number r, ensure that the highest bit and the second highest bit of r are the same; Step S3: P1 receives x0-r sent by P0 and sets the new fragment y1=x1 +x0–r; At this time, P0 has y0=r, and P1 has y1=x1+x0–r; and, y0+y1=x0+x1=x; Step S4: P0 and P1 perform local truncation respectively.
应用于上述各个技术方案,所述的秘密共享下保证Truncation正确的方法中,步骤S4中,P0和P1分别进行本地Truncation时,P0是对其拥有总数据y0进行Truncation,P1是对其拥有总数据y1进行Truncation;截去其最后k位。Applied to each of the above technical solutions, in the method of ensuring correct truncation under secret sharing, in step S4, when P0 and P1 perform local truncation respectively, P0 performs truncation on the total data y0 it owns, and P1 performs truncation on the total data y0 it owns. Data y1 is Truncation; its last k bits are truncated.
应用于上述各个技术方案,所述的秘密共享下保证Truncation正确的方法中,步骤S4中,P0和P1分别进行本地Truncation时,P0是对其拥有总数据y0进行Truncation,P1是对其拥有总数据y1进行Truncation;截去其最后2位。Applied to each of the above technical solutions, in the method of ensuring correct truncation under secret sharing, in step S4, when P0 and P1 perform local truncation respectively, P0 performs truncation on the total data y0 it owns, and P1 performs truncation on the total data y0 it owns. Data y1 is Truncation; its last 2 digits are truncated.
采用上述方案,本发明通过在经过一轮密码共享通讯后,采用随机数时,保持随机数的最高位和次高位相同,这样就能使得一方的分片数据能保证最高位和次高位相同;如此,可以保证密码共享方在进行本地Truncation时,错误的情况不发生;这样就能保证本地Truncation正确;是一种高效的Truncation方法。Using the above solution, the present invention keeps the highest bit and the second highest bit of the random number the same when using random numbers after a round of password sharing communication, so that the fragmented data of one party can ensure that the highest bit and the second highest bit are the same; In this way, it can be ensured that errors will not occur when the password sharing party performs local truncation; this can ensure that the local truncation is correct; it is an efficient truncation method.
具体实施方式Detailed ways
下面将对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The technical solutions in the embodiments of the present invention will be described clearly and completely below. Obviously, the described embodiments are only some of the embodiments of the present invention, rather than all the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without making creative efforts fall within the scope of protection of the present invention.
本实施例提供了一种秘密共享下保证Truncation正确的方法,其中,该方法包括步骤S1:对原始数据进行秘密共享运算,秘密共享方至少包括2个;其中,秘密共享方的数量可以根据实际情况确定,本实施例优先的为2个,并且,对原始数据进行秘密共享运算时,是在整数环中进行,例如,是在整数环上进 行int型变量运算,其中可以用采用int8型变量运算、int16型变量运算、int32型变量运算等.This embodiment provides a method to ensure correct Truncation under secret sharing. The method includes step S1: performing a secret sharing operation on the original data. The secret sharing parties include at least 2; among them, the number of secret sharing parties can be determined according to the actual situation. The situation is determined. The priority of this embodiment is 2, and when performing secret sharing operation on the original data, it is performed in the integer ring. For example, int type variable operation is performed on the integer ring, in which int8 type variables can be used. Operation, int16 type variable operation, int32 type variable operation, etc.
并且,步骤S2:其中一个秘密共享方本地产生至少1个随机数,并采用随机数对其秘密共享运算后拥有的数据进行分片,将分片数据发送给其他秘密共享方;其中,在产生随机数时,保持每一随机数的最高位和次高位相同;并且,步骤S3:其他秘密共享方接受到分片数据后,将收到的分片数据与其原秘密共享运算后拥有的数据进行合并;步骤S4:各秘密共享方分别进行本地进行Truncation。各秘密共享方分别进行本地Truncation时,是分别对其拥有的总数据进行Truncation,截去其最后k位,其中,k可以根据具体实际需要设定,具体是可以在进行多方计算之前,就设置好这个值,例如,根据数据需要保留的精度设置k的数值,比如保留小数点后13位,那么这个k=13,k的数值设定还可以根据其他需要设定,此处不做任何限定。And, step S2: One of the secret sharing parties generates at least 1 random number locally, uses the random number to fragment the data it has after the secret sharing operation, and sends the fragmented data to other secret sharing parties; where, after generating When generating random numbers, keep the highest and second highest bits of each random number the same; and, Step S3: After other secret sharing parties receive the fragmented data, they will compare the received fragmented data with the data they have after the original secret sharing operation. Merge; Step S4: Each secret sharing party performs local Truncation respectively. When each secret sharing party performs local truncation respectively, it truncates the total data it owns and truncates its last k bits. Among them, k can be set according to specific actual needs. Specifically, it can be set before performing multi-party calculations. To set this value, for example, set the value of k according to the precision that the data needs to be retained, such as retaining 13 digits after the decimal point, then k = 13. The value of k can also be set according to other needs, and there are no restrictions here.
例如,一个实施例是:For example, one example is:
步骤S1:对原始数据x进行秘密共享运算,秘密共享方包括P0和P1,秘密共享运算后,P0拥有数据x0,P1拥有数据x1,且x0+x1=x;Step S1: Perform a secret sharing operation on the original data x. The secret sharing parties include P0 and P1. After the secret sharing operation, P0 owns the data x0, P1 owns the data x1, and x0+x1=x;
步骤S2:P0本地产生一个随机数r,并采用随机数r对其拥有的数据x0进行分片,并设置r为新的分片y0;P0发送x0-r给P1;其中,在产生随机数r时,保证r的最高位和次高位相同;Step S2: P0 locally generates a random number r, uses the random number r to fragment the data x0 it owns, and sets r as the new fragment y0; P0 sends x0-r to P1; where, after generating the random number When r, ensure that the highest bit and the second highest bit of r are the same;
步骤S3:P1接收P0发送的x0-r,并设置新的分片y1=x1+x0–r;此时,P0拥有y0=r,P1拥有y1=x1+x0–r;并且,y0+y1=x0+x1=x;Step S3: P1 receives x0-r sent by P0, and sets the new fragment y1=x1+x0–r; at this time, P0 owns y0=r, P1 owns y1=x1+x0–r; and, y0+y1 =x0+x1=x;
步骤S4:P0和P1各自分别进行本地Truncation。Step S4: P0 and P1 each perform local Truncation.
并且,步骤S4中,P0和P1各自分别进行本地Truncation时,P0是对其拥有总数据y0进行Truncation,P1是对其拥有总数据y1进行Truncation;分别截去其最后2位。Moreover, in step S4, when P0 and P1 each perform local Truncation, P0 performs Truncation on the total data y0 it owns, and P1 performs Truncation on the total data y1 it owns; the last two bits are truncated respectively.
具体举例:Specific examples:
例如,SecureML采用了直接对分片的数据进行本地Truncation的方法。具体如下:For example, SecureML adopts the method of directly performing local truncation on sharded data. details as follows:
原始数据x;original data x;
对x进行分片:x1=x+r,x2=-r,其中r是随机数。Slice x: x1=x+r, x2=-r, where r is a random number.
本地Truncation:1.截断x1的最低k位。2.截断x2的最低k位。Local Truncation: 1. Truncate the lowest k bits of x1. 2. Truncate the lowest k bits of x2.
正确性:大多数情况下,Truncation的错误不会发生,比如:x=1000,x1=1500,x2=-500;如果本地Truncation数据的后2位,则x1->15,x2->-5,x1+x2=10,正好是原先的数据x截断后两位的结果。Correctness: In most cases, Truncation errors will not occur, for example: x=1000, x1=1500, x2=-500; if the last 2 digits of the local Truncation data are, x1->15, x2->-5 , x1+x2=10, which is exactly the result of truncating the last two digits of the original data x.
错误的产生:Error occurs:
此处涉及到计算机中,int型变量的表示。计算机中,int类型的变量,如果是整数,则其最高位为0;如果是负数,则其最高位为1。例如-1如果在计算机中用8位来表示,即int8,则(11111111) 2就表示-1。1用int8表示:(00000001) 2This involves the representation of int-type variables in computers. In computers, if a variable of type int is an integer, its highest bit is 0; if it is a negative number, its highest bit is 1. For example, if -1 is represented by 8 bits in the computer, that is, int8, then (11111111) 2 represents -1. 1 is represented by int8: (00000001) 2 .
下面举个例子,证明本地Truncation会引发错误。The following is an example to prove that local Truncation will cause errors.
x=(00011101) 2x=(00011101) 2 ;
x1=x+r,x2=-r,令r=(01110000) 2x1=x+r, x2=-r, let r=(01110000) 2 ;
此时,x1=x+r=(10001101) 2,x2=-r=(10010000) 2At this time, x1=x+r=(10001101) 2 , x2=-r=(10010000) 2 ;
所以截断数据后两位:x1->(11100011) 2,x2->(11100100) 2,x1+x2=(10000111) 2Therefore, the last two digits of the data are truncated: x1->(11100011) 2 , x2->(11100100) 2 , x1+x2=(10000111) 2 ;
而x截断数据后两位:x->(00000111) 2And x truncates the last two digits of the data: x->(00000111) 2 ;
x!=x1+x2;x! =x1+x2;
因此发生错误。Hence the error occurs.
即,当MSB(x)!=MSB(x1)=MSB(x2)时,其中,MSB为最高有效位;会引发truncation错误。That is, when MSB(x)! =MSB(x1)=MSB(x2), where MSB is the most significant bit; a truncation error will occur.
如此,保证了r在整数环的最高位和次高位相同时,就能保证MSB(x)!=MSB(x1)=MSB(x2)的情况不发生。这样就能保证本地Truncation正确。In this way, it is guaranteed that when the highest bit and the second highest bit of r are the same in the integer ring, MSB(x) can be guaranteed! =MSB(x1)=MSB(x2) does not occur. This ensures that the local Truncation is correct.
本发明通过在经过一轮密码共享通讯后,采用随机数时,保持随机数的最高位和次高位相同,这样就能使得一方的分片数据能保证最高位和次高位相同;如此,可以保证密码共享方在进行本地Truncation时,错误的情况不发生;这样就能保证本地Truncation正确;是一种高效的Truncation方法。After a round of password sharing communication, the present invention keeps the highest bit and the second highest bit of the random number the same when using random numbers, so that the fragmented data of one party can ensure that the highest bit and the second highest bit are the same; in this way, it can be guaranteed When the password sharing party performs local truncation, errors will not occur; this can ensure that the local truncation is correct; it is an efficient truncation method.

Claims (9)

  1. 一种秘密共享下保证Truncation正确的方法,其特征在于,包括如下步骤:A method to ensure correct Truncation under secret sharing is characterized by including the following steps:
    步骤S1:对原始数据进行秘密共享运算,秘密共享方至少包括2个;Step S1: Perform secret sharing operation on the original data, including at least 2 secret sharing parties;
    步骤S2:其中一个秘密共享方本地产生至少1个随机数,并采用随机数对其秘密共享运算后拥有的数据进行分片,将分片数据发送给其他秘密共享方;其中,在产生随机数时,保持每一随机数的最高位和次高位相同;Step S2: One of the secret sharing parties locally generates at least 1 random number, uses the random number to fragment the data it has after the secret sharing operation, and sends the fragmented data to other secret sharing parties; where, after generating the random number When , keep the highest and second highest bits of each random number the same;
    步骤S3:其他秘密共享方接受到分片数据后,将收到的分片数据与其秘密共享运算后拥有的数据进行合并;Step S3: After receiving the fragmented data, other secret sharing parties merge the received fragmented data with the data they have after the secret sharing operation;
    步骤S4:各秘密共享方分别进行本地Truncation。Step S4: Each secret sharing party performs local Truncation respectively.
  2. 根据权利要求1所述的秘密共享下保证Truncation正确的方法,其特征在于:步骤S4中,各秘密共享方分别进行本地进行Truncation时,是分别对其拥有的总数据进行Truncation,截去其最后k位。The method of ensuring correct truncation under secret sharing according to claim 1, characterized in that: in step S4, when each secret sharing party performs truncation locally, it performs truncation on the total data it owns, and truncates the last part of the data. k bit.
  3. 根据权利要求2所述的秘密共享下保证Truncation正确的方法,其特征在于:步骤S1中,对原始数据进行秘密共享运算时,是在整数环中进行。The method of ensuring correct truncation under secret sharing according to claim 2, characterized in that: in step S1, when the secret sharing operation is performed on the original data, it is performed in an integer ring.
  4. 根据权利要求3所述的秘密共享下保证Truncation正确的方法,其特征在于:步骤S1中,对原始数据进行秘密共享运算时,是在整数环上进行int型变量运算。The method of ensuring correct Truncation under secret sharing according to claim 3, characterized in that: in step S1, when performing secret sharing operation on the original data, int type variable operation is performed on an integer ring.
  5. 根据权利要求4所述的秘密共享下保证Truncation正确的方法,其特征在于:步骤S1中,对原始数据进行秘密共享运算时,是在整数环上进行int8型变量运算。The method of ensuring correct truncation under secret sharing according to claim 4, characterized in that: in step S1, when performing secret sharing operation on the original data, int8 type variable operation is performed on the integer ring.
  6. 根据权利要求1所述的秘密共享下保证Truncation正确的方法,其特征在于,包括如下步骤:The method for ensuring correct truncation under secret sharing according to claim 1, characterized in that it includes the following steps:
    步骤S1:对原始数据x进行秘密共享运算,秘密共享方包括P0和P1,秘密共享运算后,P0拥有数据x0,P1拥有数据x1,且x0+x1=x;Step S1: Perform a secret sharing operation on the original data x. The secret sharing parties include P0 and P1. After the secret sharing operation, P0 owns the data x0, P1 owns the data x1, and x0+x1=x;
    步骤S2:P0本地产生一个随机数r,并采用随机数r对其拥有的数据x0进行分片,并设置r为新的分片y0;P0发送x0-r给P1;其中,在产生随机数r时,保证r的最高位和次高位相同;Step S2: P0 locally generates a random number r, uses the random number r to fragment the data x0 it owns, and sets r as the new fragment y0; P0 sends x0-r to P1; where, after generating the random number When r, ensure that the highest bit and the second highest bit of r are the same;
    步骤S3:P1接收P0发送的x0-r,并设置新的分片y1=x1+x0–r;此时,P0拥有y0=r,P1拥有y1=x1+x0–r;并且,y0+y1=x0+x1=x;Step S3: P1 receives x0-r sent by P0, and sets the new fragment y1=x1+x0–r; at this time, P0 owns y0=r, P1 owns y1=x1+x0–r; and, y0+y1 =x0+x1=x;
    步骤S4:P0和P1分别进行本地Truncation。Step S4: P0 and P1 perform local truncation respectively.
  7. 根据权利要求6所述的秘密共享下保证Truncation正确的方法,其特征在于:步骤S4中,P0和P1分别进行本地Truncation时,P0是对其拥有的总数据y0进行Truncation,P1是对其拥有的总数据y1进行Truncation;截去其最后k位。The method of ensuring correct truncation under secret sharing according to claim 6, characterized in that: in step S4, when P0 and P1 perform local truncation respectively, P0 performs truncation on the total data y0 it owns, and P1 performs truncation on the total data y0 it owns. Truncation is performed on the total data y1; its last k bits are truncated.
  8. 根据权利要求7所述的秘密共享下保证Truncation正确的方法,其特征在于:步骤S4中,P0和P1分别进行本地Truncation时,P0是对其拥有的 总数据y0进行Truncation,P1是对其拥有的总数据y1进行Truncation;截去其最后2位。The method of ensuring correct truncation under secret sharing according to claim 7, characterized in that: in step S4, when P0 and P1 perform local truncation respectively, P0 performs truncation on the total data y0 it owns, and P1 performs truncation on the total data y0 it owns. Truncation is performed on the total data y1; its last 2 digits are truncated.
  9. 一种秘密共享下保证Truncation正确的方法,其特征在于,包括如下步骤:A method to ensure correct Truncation under secret sharing is characterized by including the following steps:
    步骤S1:对原始数据进行秘密共享运算,秘密共享方至少包括2个;Step S1: Perform secret sharing operation on the original data, including at least 2 secret sharing parties;
    步骤S2:其中一个秘密共享方本地产生至少1个随机数,并采用随机数对其秘密共享运算后拥有的数据进行分片,将分片数据发送给其他秘密共享方;其中,在产生随机数时,保持每一随机数的最高位和次高位相同;Step S2: One of the secret sharing parties locally generates at least 1 random number, uses the random number to fragment the data it has after the secret sharing operation, and sends the fragmented data to other secret sharing parties; where, after generating the random number When , keep the highest and second highest bits of each random number the same;
    步骤S3:其他秘密共享方接受到分片数据后,将收到的分片数据与其秘密共享运算后拥有的数据进行合并;Step S3: After receiving the fragmented data, other secret sharing parties merge the received fragmented data with the data they have after the secret sharing operation;
    步骤S4:各秘密共享方分别进行本地Truncation;Step S4: Each secret sharing party performs local Truncation respectively;
    步骤S4中,各秘密共享方分别进行本地进行Truncation时,是分别对其拥有的总数据进行Truncation,截去其最后k位;In step S4, when each secret sharing party performs local truncation respectively, it performs truncation on the total data it owns and truncates its last k bits;
    步骤S1中,对原始数据进行秘密共享运算时,是在整数环中进行;In step S1, when the secret sharing operation is performed on the original data, it is performed in the integer ring;
    步骤S1中,对原始数据进行秘密共享运算时,是在整数环上进行int型变量运算;In step S1, when performing secret sharing operation on the original data, int type variable operation is performed on the integer ring;
    步骤S1中,对原始数据进行秘密共享运算时,是在整数环上进行int8型变量运算;In step S1, when the secret sharing operation is performed on the original data, the int8 type variable operation is performed on the integer ring;
    所述秘密共享下保证Truncation正确的方法具体包括如下步骤:The method to ensure correct truncation under secret sharing specifically includes the following steps:
    步骤S1:对原始数据x进行秘密共享运算,秘密共享方包括P0和P1,秘密共享运算后,P0拥有数据x0,P1拥有数据x1,且x0+x1=x;Step S1: Perform a secret sharing operation on the original data x. The secret sharing parties include P0 and P1. After the secret sharing operation, P0 owns the data x0, P1 owns the data x1, and x0+x1=x;
    步骤S2:P0本地产生一个随机数r,并采用随机数r对其拥有的数据x0进行分片,并设置r为新的分片y0;P0发送x0-r给P1;其中,在产生随机数r时,保证r的最高位和次高位相同;Step S2: P0 locally generates a random number r, uses the random number r to fragment the data x0 it owns, and sets r as the new fragment y0; P0 sends x0-r to P1; where, after generating the random number When r, ensure that the highest bit and the second highest bit of r are the same;
    步骤S3:P1接收P0发送的x0-r,并设置新的分片y1=x1+x0–r;此时,P0拥有y0=r,P1拥有y1=x1+x0–r;并且,y0+y1=x0+x1=x;Step S3: P1 receives x0-r sent by P0, and sets the new fragment y1=x1+x0–r; at this time, P0 owns y0=r, P1 owns y1=x1+x0–r; and, y0+y1 =x0+x1=x;
    步骤S4:P0和P1分别进行本地Truncation;Step S4: P0 and P1 perform local truncation respectively;
    步骤S4中,P0和P1分别进行本地Truncation时,P0是对其拥有的总数据y0进行Truncation,P1是对其拥有的总数据y1进行Truncation;截去其最后k位;In step S4, when P0 and P1 perform local Truncation respectively, P0 performs Truncation on the total data y0 it owns, and P1 performs Truncation on the total data y1 it owns; the last k bits are truncated;
    步骤S4中,P0和P1分别进行本地Truncation时,P0是对其拥有的总数据y0进行Truncation,P1是对其拥有的总数据y1进行Truncation;截去其最后2位。In step S4, when P0 and P1 perform local truncation respectively, P0 performs truncation on the total data y0 it owns, and P1 performs truncation on the total data y1 it owns; the last two digits are truncated.
PCT/CN2022/103677 2022-04-14 2022-07-04 Method for ensuring correct truncation under secret sharing WO2023197468A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210391478.6A CN114866233A (en) 2022-04-14 2022-04-14 Method for ensuring correct trunk under secret sharing
CN202210391478.6 2022-04-14

Publications (1)

Publication Number Publication Date
WO2023197468A1 true WO2023197468A1 (en) 2023-10-19

Family

ID=82632273

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/103677 WO2023197468A1 (en) 2022-04-14 2022-07-04 Method for ensuring correct truncation under secret sharing

Country Status (2)

Country Link
CN (1) CN114866233A (en)
WO (1) WO2023197468A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019158209A1 (en) * 2018-02-16 2019-08-22 Ecole polytechnique fédérale de Lausanne (EPFL) Methods and systems for secure data exchange
CN110198213A (en) * 2019-04-01 2019-09-03 上海能链众合科技有限公司 A kind of system based on privacy sharing random number common recognition algorithm

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019158209A1 (en) * 2018-02-16 2019-08-22 Ecole polytechnique fédérale de Lausanne (EPFL) Methods and systems for secure data exchange
CN110198213A (en) * 2019-04-01 2019-09-03 上海能链众合科技有限公司 A kind of system based on privacy sharing random number common recognition algorithm

Also Published As

Publication number Publication date
CN114866233A (en) 2022-08-05

Similar Documents

Publication Publication Date Title
US11601439B2 (en) Verifiable outsourced ledgers
WO2021068444A1 (en) Data processing method and device, computer apparatus, and storage medium
US10608811B2 (en) Private set intersection encryption techniques
WO2015080896A1 (en) Server-aided private set intersection (psi) with data transfer
WO2021237437A1 (en) Data processing method and apparatus employing secure multi-party computation, and electronic device
CN113065162B (en) Method and device for processing private data in shared form
US20230283461A1 (en) Method, device, and storage medium for determining extremum based on secure multi-party computation
CN116506124B (en) Multiparty privacy exchange system and method
CN112769542B (en) Multiplication triple generation method, device, equipment and medium based on elliptic curve
WO2023040427A1 (en) Method and apparatus for implementing privacy amplification in quantum key distribution
Shen et al. ABNN2: secure two-party arbitrary-bitwidth quantized neural network predictions
CN116743713B (en) Remote online paperless conference method and device based on Internet of things
WO2024051864A1 (en) Method for optimizing constant round secure multi-party computation protocol
WO2023197468A1 (en) Method for ensuring correct truncation under secret sharing
CN116743376A (en) Multiparty secret sharing data privacy comparison method based on efficient ciphertext confusion technology
CN117675270A (en) Multi-mode data encryption transmission method and system for longitudinal federal learning
CN115587382B (en) Fully-encrypted data processing method, device, equipment and medium
WO2023221350A1 (en) Blockchain-based code copyright registration system, method and platform
RU2686818C1 (en) Method for scaling distributed information system
CN114844635A (en) Method for safely carrying out Shuffle on data
CN114567448A (en) Collaborative signature method and collaborative signature system
Li et al. [Retracted] Hardware Optimization and System Design of Elliptic Curve Encryption Algorithm Based on FPGA
Pathak et al. Tri-TTP based architecture for secure multi-party computations using virtual parties
CN111030823A (en) Ultra-lightweight multi-signature data processing method and system and Internet of things platform
CN116055049B (en) Multiparty secure computing method, device, system, electronic equipment and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22937106

Country of ref document: EP

Kind code of ref document: A1