CN115765980A - Decentralized data aggregation and sharing method and system based on secure inner product calculation - Google Patents

Abstract

The invention discloses a decentralized data aggregation sharing method and system based on secure inner product computation _i (ii) a Firstly, KGC generates initial public parameters; then DO _i Interactively generating a private key sk using common parameters _i ，DO _i Passing sk _i After carrying out encryption calculation on the private data, uploading a ciphertext to the CS, and generating a sub-decryption key dk through the KGC _yi Upload to CS, all DOs of CS to same tag _i Verifying the uploaded ciphertext to obtain the uploaded sub decryption key dk _yi Verifying to ensure that each participant participates effectively; then, the ciphertext is aggregated and calculated to aggregate dk _yi Computationally generating a decryption key dk _y CS reuse dk _y Computing the aggregated ciphertext and returning the computed intermediate values to all DO' s _i (ii) a And finally, recovering the intermediate value returned by the CS to obtain an aggregated data result of the safety inner product calculation. The invention adoptsThe decentralization scheme is used, and the safety is higher.

Description

Decentralized data aggregation and sharing method and system based on secure inner product calculation

technical field

The invention belongs to the field of information security technology, and relates to a decentralized multi-party data aggregation and sharing method and system based on secure inner product calculation, and in particular to a method and system for multiple participants each holding a certain amount of data under the premise of privacy protection A method and system for aggregation and sharing of data functions.

Background technique

With the widespread deployment and application of big data computing environments on the cloud, it has brought great convenience to users of cloud services. Emerging cloud services provide users with continuously reliable, scalable, and high-throughput big data storage and computing services. But it also brings privacy-related issues. In this outsourced big data computing environment, because the user's data ownership and use rights are separated, there is a risk of privacy data leakage in the stages of data upload, calculation, and output. possible. Therefore, how to protect the privacy of cloud users' sensitive data in a big data environment has attracted a lot of attention from academia and industry. At the same time, ensuring data availability and computing efficiency has become one of the research hotspots in the field of big data privacy protection. Among them, function encryption is a new paradigm in public key encryption. The original decryption result is either plaintext or does not reveal any plaintext information, while function encryption obtains the function value of the secret data after decryption. This property of functional encryption allows users to finely control the amount of information a ciphertext reveals to a given recipient. This new cryptographic system can realize effective data calculation, retrieval and access control while ensuring data confidentiality.

Then when a group of users want to share specific functions of their aggregated data, considering that their private data cannot be leaked to the other party and the cloud server, it is hoped that the encrypted data can allow the cloud server to perform specific functional aggregation calculations to reduce reduce the local computing burden. In order to solve the computing problem and privacy protection problem of multi-user data sharing, the efficient computing and fine-grained ciphertext access control of functional encryption are effective choices for data privacy computing. Through function encryption, multiple users can aggregate specific functions of data without disclosing private data, perform secure calculations on data, and effectively solve some data privacy and calculation problems.

At present, there are also schemes to protect data privacy through function encryption. Some people have proposed an outsourced inner product calculation scheme. They are discussing that after the data owner uploads the encrypted data, the data user generates a decryption key through the key generation center. After that, the evaluation key is generated by decrypting the key to decrypt the server to generate an intermediate value and send it to the data user, and then the data user restores the final value; however, the key generation of this scheme is directly generated by the key generation center. , which will make the key generation center have a higher authority and retain the ability to recover the ciphertext, thus increasing the risk of leaking the inner product of the data; moreover, the verification algorithm steps of this scheme are cumbersome and the calculation cost is too large; some schemes have In the decryption stage, the server directly decrypts the inner product result and then sends it to the user, so that the inner product result data is not protected from privacy.

Contents of the invention

In order to solve the above technical problems, the present invention provides a decentralized multi-party data aggregation and sharing method and system based on secure inner product calculation.

The technical solution adopted by the method of the present invention is: a decentralized data aggregation and sharing method based on secure inner product calculation, including a key generation center KGC, a cloud server CS, and a group of data holders for secure data aggregation and sharing or DO _i ; when there are m shared participants, then DO _i represents the i-th participant, and a group of participants negotiated in the system will have the same label l in the group, and only participants with the same label can Participate in sharing and restore the final aggregation result, i∈{1,2,…,m};

The method comprises the steps of:

Step 1: KGC generates initial public parameters;

Step 2: DO _i utilizes public parameters and generates private key sk _i interactively;

Step 3: DO _i encrypts the private data through _ski and uploads the ciphertext to CS;

上传给CS；Step 4: Sub-decryption key generated by KGC

Upload to CS;

进行验证，保证各个参与方都有效参与；Step 5: CS verifies the ciphertexts uploaded by all DO _i with the same label, and decrypts the uploaded sub-keys

Carry out verification to ensure that all participants participate effectively;

计算生成解密钥dk_y，CS再利用dk_y对聚合的密文进行计算，把计算的中间值返还给所有DO_i；Step 6: Calculate and aggregate the ciphertext

Calculate and generate the decryption key dk _y , CS then uses dk _y to calculate the aggregated ciphertext, and returns the calculated intermediate value to all DO _i ;

Step 7: Recover the intermediate value returned by CS to obtain the aggregated data result of the safe inner product calculation.

The technical solution adopted by the system of the present invention is: a decentralized data aggregation and sharing system based on secure inner product calculation, including a key generation center KGC, a cloud server CS, and a group of data holders for secure data aggregation and sharing or DO _i ; when there are m shared participants, then DO _i represents the i-th participant, and a group of participants negotiated in the system will have the same label l in the group, and only participants with the same label can Participate in sharing and restore the final aggregation result, i∈{1,2,…,m};

The system includes the following modules:

Module 1, used for KGC to generate initial public parameters;

Module 2, used for DO _i to use public parameters and generate private key sk _i interactively;

Module 3, used for DO _i to encrypt and calculate private data through sk _i and then upload the ciphertext to CS;

上传给CS；Module 4, for sub-decryption keys generated by KGC

Upload to CS;

进行验证，保证各个参与方都有效参与；Module 5, used for CS to verify the ciphertext uploaded by all DO _i with the same label, and to upload the sub-decryption key

Carry out verification to ensure that all participants participate effectively;

计算生成解密钥dk_y，CS再利用dk_y对聚合的密文进行计算，把计算的中间值返还给所有DO_i；Module 6, for ciphertext aggregation calculation, aggregation

Calculate and generate the decryption key dk _y , CS then uses dk _y to calculate the aggregated ciphertext, and returns the calculated intermediate value to all DO _i ;

Module 7, used to restore the intermediate value returned by CS to obtain the aggregated data result of the safe inner product calculation.

The invention can ensure that the participants participating in the data sharing of the safe inner product calculation in the group can protect the original data privacy when sharing the data under dishonest cloud servers and external attacks. Participants perform data functional aggregation through secure inner product calculations to ensure that data can be calculated without the original data being leaked, which is highly practical. Participants who jointly participate in the data aggregation of the safe inner product calculation will have the same label in the group, and only the participants with the same label can finally recover the data aggregation result of the safe inner product calculation, which makes it impossible for other groups of participants to Get involved. Each participant generates its own local key for encryption and participates in the generation of sub-decryption keys. Compared with directly generating the decryption key by the key generation center, the decision-making power for the generation of the decryption key is distributed to each participant. The authority of the key generation center is greatly reduced, and it is only responsible for the calculation and generation work, achieving the effect of decentralization. The cloud server operates on the ciphertext and cannot interpret any useful information from it. The decryption result of the ciphertext is not the final accumulated value in the data. Only the participants with the tags in the group can recover the final result. Further guarantee the security of the aggregation result. The technology of the present invention can also be used in many scenarios. For example, a hospital in an area can aggregate and share disease data through secure inner product calculation without revealing the patient's private data. By analyzing the data results under the safe inner product calculation, the Regional treatment of some infectious diseases is of great help. Therefore, the present invention has high practicality and privacy protection.

Description of drawings

Fig. 1: a method participant architecture diagram of an embodiment of the present invention;

Fig. 2: method flowchart of the embodiment of the present invention;

Fig. 3: the specific flowchart of step 1 in the method for the embodiment of the present invention;

Fig. 4: the specific flowchart of step 3 in the method of the embodiment of the present invention;

Fig. 5: the specific flowchart of step 4 in the method of the embodiment of the present invention;

Fig. 6: the specific flowchart of step 5 in the method of the embodiment of the present invention;

Fig. 7: a specific flowchart of step 6 in the method of the embodiment of the present invention.

Detailed ways

In order to facilitate those of ordinary skill in the art to understand and implement the present invention, the present invention will be described in further detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the implementation examples described here are only used to illustrate and explain the present invention, and are not intended to limit this invention.

Please see Figure 1, a decentralized data aggregation and sharing method based on safe inner product calculation in the present invention, including the following steps:

Step 1: KGC generates initial public parameters;

See also Fig. 3, the specific realization of step 1 in the present embodiment includes the following sub-steps:

其中p′和q′是满足p′，q′＞2^λ的大素数，

令

大素数q＞2^λ，消息的大小边界满足||x||＜X，向量的大小边界满足||y||＜Y；Step 1.1: KGC inputs security parameter λ, data length parameter n, message boundary parameter X and vector boundary parameter Y to generate a safe prime number

Where p' and q' are large prime numbers satisfying p', q'>2 ^λ ,

make

Large prime number q>2 ^λ , the size boundary of the message satisfies ||x||<X, and the size boundary of the vector satisfies ||y||<Y;

其中a，b是正整数；Step 1.2: Define a bilinear mapping function e: (G ₁ ×G ₂ →G _T ), where G ₁ , G ₂ and G _T are all cyclic groups containing q elements, where the groups G ₁ and G ₂ The group generators are g ₁ and g ₂ respectively, so that the number on G ₁ and the number on G ₂ can be calculated to get the number on G _T , and the calculation satisfies

Where a, b are positive integers;

然后把v_i发送给对应的参与方DO_i，其中下标i对应m个参与方的下标索引，然后不再保留v_i，只将V的值保留；其中，i∈{1，2，...，m}；Step 1.3: Randomly select m numbers within the range of {1, 2, ..., N-1} and record them as v _i , calculate

Then send v _i to the corresponding participant DO _i , where the subscript i corresponds to the subscript index of m participants, and then no longer keep v _i , only keep the value of V; where, i∈{1, 2, ..., m};

Step 1.4: Define three mapping functions: H ₁ : {0, 1} ⁿ → {0, 1, 2, ..., N ² -1}, H ₂ : G _T → {0, 1, 2, . .., N ² -1}, H _v : {0, 1} ⁿ → G ₁ , H ₁ maps n-bit numbers to positive integers smaller than N ² , H ₂ maps the numbers on the G _T group Mapped to a positive integer smaller than N ² , H _v is to map the number of n long bits into the number on the G ₁ group;

记为A，e(g₁，g₂)^α∈G_T记为B；Step 1.5: Randomly select a number from {1, 2, ..., q-1} and record it as α, calculate

Denote as A, e(g ₁ , g ₂ ) ^α ∈ _{G T} denote as B;

Step 1.6: Finally KGC public parameters mpk={N, X, e, g ₁ , g ₂ , G ₁ , G ₂ , G _T , V, H ₁ , H _v , H ₂ , A, B}, keep msk= {α, Y}.

Step 2: DO _i utilizes public parameters and generates private key sk _i interactively;

The specific implementation of step 2 in this embodiment includes the following sub-steps:

向量中的元素(s_i,1，s_i,2，...，s_i，n)为n个从正整数Z范围内随机取的数，s_i,j(j∈[1，n])则表示向量s_i中的第j个元素，

则表示n个正整数Z范围内的随机数且满足标准差为

的正整数离散高斯分布，令加密钥ek_i＝s_i；Step 2.1: Participant DO _i selects n-dimensional vector s _i , satisfying

The elements in the vector (s _i,1 , s _i,2 ,..., s _i,n ) are n randomly selected numbers from the range of positive integer Z, s _i,j (j∈[1,n] ) means the jth element in the vector _si ,

Then it means a random number within the range of n positive integers Z and the standard deviation is

positive integer discrete Gaussian distribution of , let encryption key ek _i =s _i ;

Step 2.2: Participant DO _i interactively generates t _i ;

每个DO_i都会收到m-1个子向量t′_j，i，j∈{1，2，...i-1，i+1，...，m}；最后生成的

满足

For each participant, a one-dimensional vector of n×m length is randomly generated and recorded as t′ _i , and then its value is randomly divided into m subvalues, and a subvalue is randomly sent to the remaining m-1 participants , the sent sub-vector is denoted as t′ _{i, j} , and a copy is denoted as t′ _{i, i} , where j represents the subscript of the receiver, that is, satisfies

Each DO _i will receive m-1 sub-vectors t′ _{j, i} , j∈{1,2,...i-1,i+1,...,m}; the final generated

satisfy

Step 2.3: The private key sk _i =(s _i , t _i , v _i ) finally generated by the participant DO _i .

Step 3: DO _i encrypts the private data through _ski and uploads the ciphertext to CS;

See also Fig. 4, the specific realization of step 3 in the present embodiment includes the following sub-steps:

向量中的元素表示为[0,N]中的整数，其中组内标签l为n比特长数，计算H₁(l)记为H，计算H_v(l)记为I，计算H₂(B^l)记为δ；Step 3.1: DO _i encrypts the data, where the private data is expressed as an n-dimensional vector

The elements in the vector are expressed as integers in [0, N], where the label l in the group is an n-bit long number, the calculation of H ₁ (l) is denoted as H, the calculation of H _v (l) is denoted as I, and the calculation of H ₂ ( B ^l ) is denoted as δ;

Step 3.2: Calculate Cv _i =v _i ·H _v (l)∈G ₁ ;

Step 3.3: Data encryption calculation

Step 3.4: DO _i organizes the ciphertext C _i = (C _i1 , C _i2 , C _i3 , C _i4 ) = (Cv _i , _Cxi , H, I) and uploads it to CS.

Step 4: Upload the sub-decryption key dk _yi generated by KGC to CS;

See also Fig. 5, the specific realization of step 4 in the present embodiment includes the following sub-steps:

向KGC发送私密钥和向量y_i＝(y_i,1,y_i,2,…,y_i,n)，其中向量y_i中的元素表现为[0,N]中的整数；则KGC有y＝(y₁||y₂||…||y_m)，||表示前后两部分相连接起来，向量y为一个n×m长的一个向量；Step 4.1: DO _i generates a sub-decryption key through KGC

Send the private key and vector y _i =(y _i,1 ,y _i,2 ,…,y _i,n ) to KGC, where the elements in vector y _i represent integers in [0,N]; then KGC There is y=(y ₁ ||y ₂ ||...||y _m ), || means that the front and back parts are connected, and the vector y is a vector of n×m length;

Step 4.2: KGC calculates <s _i ,y _i >+<t _i ,y> as

记为k_i；Step 4.3: Calculation

denoted as k _i ;

Step 4.4: Organize sub-decryption keys

发送给DO_i；Step 4.5: KGC respectively decrypts the sub-keys

send to DO _i ;

上传给CS。Step 4.6: DO _i assigns the sub-decryption keys to

Upload to CS.

进行验证，保证各个参与方都有效参与；Step 5: CS verifies the ciphertexts uploaded by all DO _i with the same label, and decrypts the uploaded sub-keys

Carry out verification to ensure that all participants participate effectively;

See also Fig. 6, the specific realization of step 5 in the present embodiment includes the following sub-steps:

Step 5.1: CS receives all ciphertexts of DO _i , and then performs verification calculation on the ciphertexts;

是否成立，验证所有C_i3,C_i4是否相等，相等则对任意i令C₃＝C_i3，C₄＝C_i4，反之则为不同标签下的参与方；若

不成立，则参与方未全部参与上传密文，返回进行步骤3.4，通过则进行下一步骤：CS first verifies the ciphertext, checks whether all parties have sent the ciphertext, and verifies the calculation

Whether it is established, verify whether all C _i3 and C _i4 are equal, and if they are equal, set C ₃ =C _i3 , C ₄ =C _i4 for any i, otherwise, they are participants under different labels; if

If it is not established, all participants did not participate in uploading the ciphertext, return to step 3.4, if passed, proceed to the next step:

进行验证；Step 5.2: CS receives all the sub-decryption keys of DO _i , and the sub-decryption keys

authenticating;

是否成立，若不成立，则检查是否是所有参与者全部上传，若有参与方未上传，则等待上传；若接收到m个子解密钥等式仍不成立，则有参与方未正确上传子解密密钥或者有参与方恶意上传，则终止共享；通过则继续下一步：CS first verifies the calculation

Whether it is true, if not, check whether all participants have uploaded it, if any participant has not uploaded, wait for the upload; if the equation of m sub-decryption keys is still not established, then some participants have not uploaded the sub-decryption key correctly key or maliciously uploaded by a participant, the sharing will be terminated; if passed, continue to the next step:

得向量y＝(y₁||y₂||…||y_m)。Step 5.3: CS finishing

Get the vector y=(y ₁ ||y ₂ ||...||y _m ).

计算生成解密钥dk_y，CS再利用dk_y对聚合的密文进行计算，把计算的中间值返还给所有DO_i；Step 6: Calculate and aggregate the ciphertext

Calculate and generate the decryption key dk _y , CS then uses dk _y to calculate the aggregated ciphertext, and returns the calculated intermediate value to all DO _i ;

See also Fig. 7, the specific realization of step 6 in the present embodiment includes the following sub-steps:

Step 6.1: CS calculates the ciphertext of a single participant;

The calculated result of a single participant’s ciphertext is denoted as d _i ; _xi is expressed as an n-dimensional private data vector, xi ₌ (xi _,1 , _xi,2 ,…,xi _,n ), xi _{, j} is expressed as the jth element in the vector x _i (j∈[1,n]);

Step 6.2: CS aggregates the received sub-decryption keys to generate a decryption key dk _y ;

Step 6.3: CS aggregates and calculates the ciphertexts of all participants;

Step 6.4: CS calculates D ₁ on the aggregation calculation result;

Step 6.5: Calculation

Step 6.6: CS sends the calculation result D ₂ to the participants.

Step 7: Recover the intermediate value returned by CS to obtain the aggregated data result of the safe inner product calculation;

The specific implementation of step 7 in this embodiment includes the following sub-steps:

Step 7.1: The participant calculates the value δ=H ₂ (B ^l ) through the label l;

Step 7.2: Calculate D ₂ /δ to get the aggregated inner product value of all participants:

The present invention implements a decentralized data aggregation and sharing scheme based on multi-party secure inner product calculation based on the secure inner product function encryption algorithm and DCR assumption. This solution not only does not need to calculate the discrete logarithm on the decryption result to obtain the safe inner product value, This will not make the value of the security inner product only in a certain small range, which not only reduces the calculation overhead and increases the practical range, but also distributes the authority to generate decryption keys to all participants, reducing the key generation The authority of the center has achieved the effect of decentralization. It also verifies the uploaded ciphertext and key, ensuring that only the participants participating in the sharing are completely and correctly uploaded before they can be decrypted correctly. The final decryption result can only be obtained by the participants. Recovery, the decrypted result of the server is still an intermediate value, which not only protects the privacy of the data of all parties, but also protects the value of the aggregated result.

The present invention proposes that a group of users carry out aggregation and sharing of secure inner product calculation data functions, and the users in the initial group are given specific labels, and only users with the same label can participate in the sharing within the group. The present invention considers that the key generation center has Higher authority retains the ability to recover ciphertext, so a decentralized scheme is adopted to assign the authority to generate keys to each user, requiring all users to participate in the generation of decryption keys, and also to upload the key Verify and check with ciphertext to ensure that all users participate in sharing, which has higher security.

It should be understood that the above-mentioned descriptions for the preferred embodiments are relatively detailed, and should not therefore be considered as limiting the scope of the patent protection of the present invention. Within the scope of protection, replacements or modifications can also be made, all of which fall within the protection scope of the present invention, and the scope of protection of the present invention should be based on the appended claims.

Claims (9)

1. A decentralized data aggregation and sharing method based on safe inner product calculation, characterized in that: it includes a key generation center KGC, a cloud server CS, and a group of data holders DO _i for safe data aggregation and sharing; when If there are m sharing participants, then DO _i represents the i-th participant. A group of participants negotiated in the system will have the same label l in the group, and only participants with the same label can participate in the sharing and resume output. The result of the final aggregation, i ∈ {1, 2, ..., m}; The method comprises the steps of: Step 1: KGC generates initial public parameters; Step 2: DO _i utilizes public parameters and generates private key sk _i interactively; Step 3: DO _i encrypts the private data through _ski and uploads the ciphertext to CS; Step 4: Sub-decryption key generated by KGC

Upload to CS; Step 5: CS verifies the ciphertexts uploaded by all DO _i with the same label, and decrypts the uploaded sub-keys

Carry out verification to ensure that all participants participate effectively; Step 6: Calculate and aggregate the ciphertext

Calculate and generate the decryption key dk _y , CS then uses dk _y to calculate the aggregated ciphertext, and returns the calculated intermediate value to all DO _i ; Step 7: Recover the intermediate value returned by CS to obtain the aggregated data result of the safe inner product calculation. 2. The decentralized data aggregation and sharing method based on safe inner product calculation according to claim 1, wherein the specific implementation of step 1 includes the following sub-steps: Step 1.1: KGC inputs security parameter λ, data length parameter n, message boundary parameter X and vector boundary parameter Y to generate a safe prime number

Where p' and q' are large prime numbers satisfying p', q'>2 ^λ ,

make

Large prime number q>2 ^λ , the size boundary of the message satisfies ||x||<X, and the size boundary of the vector satisfies ||y||<Y; Step 1.2: Define a bilinear mapping function e: (G ₁ ×G ₂ →G _T ), where G ₁ , G ₂ and G _T are all cyclic groups containing q elements, where the groups G ₁ and G ₂ The group generators are g ₁ and g ₂ respectively, so that the number on G ₁ and the number on G ₂ can be calculated to get the number on G _T , and the calculation satisfies

Where a, b are positive integers; Step 1.3: Randomly select m numbers within the range of {1, 2, ..., N-1} and record them as v _i , calculate

Then send v _i to the corresponding participant DO _i , where the subscript i corresponds to the subscript index of m participants, and then no longer keep v _i , but only keep the value of y; where, i∈{1, 2, ..., m}; Step 1.4: Define three mapping functions: H ₁ : {0, 1} ⁿ → {0, 1, 2, ..., N ² -1}, H ₂ : G _T → {0, 1, 2, . .., N ² -1}, H _v : {0, 1} ⁿ → G ₁ , H ₁ maps n-bit numbers to positive integers smaller than N ² , H ₂ maps the numbers on the G _T group Mapped to a positive integer smaller than N ² , H _v is to map the number of n long bits into the number on the G ₁ group; Step 1.5: Randomly select a number from {1, 2, ..., q-1} and record it as α, calculate

Denote as A, e(g ₁ , g ₂ ) ^α ∈ _{G T} denote as B; Step 1.6: Finally KGC public parameters mpk={N, X, e, g ₁ , g ₂ , G ₁ , G ₂ , G _T , V, H ₁ , H _v , H ₂ , A, B}, keep msk= {α, Y}. 3. The decentralized data aggregation and sharing method based on safe inner product calculation according to claim 2, wherein the specific implementation of step 2 includes the following sub-steps: Step 2.1: Participant DO _i selects n-dimensional vector s _i , satisfying

The elements in the vector (s _{i, 1} , s _{i, 2} ,..., s _{i, n} ) are n randomly selected numbers from the range of positive integers Z, and s _{i, j} represent the number in the vector s _i j elements, j∈[1,n],

Then it means a random number within the range of n positive integers Z and the standard deviation is

positive integer discrete Gaussian distribution of , let encryption key ek _i =s _i ; Step 2.2: Participant DO _i interactively generates t _i ; For each participant, a one-dimensional vector of n×m length is randomly generated and recorded as t′ _i , and then its value is randomly divided into m subvalues, and a subvalue is randomly sent to the remaining m-1 participants , the sent sub-vector is denoted as t′ _{i, j} , and a copy is denoted as t′ _{i, i} , where j represents the subscript of the receiver, that is, satisfies

Each DO _i will receive m-1 sub-vectors t′ _{j, i} , j∈{1,2,...i-1,i+1,...,m}; the final generated

satisfy

Step 2.3: The private key sk _i =(s _i , t _i , v _i ) finally generated by the participant DO _i . 4. The decentralized data aggregation and sharing method based on safe inner product calculation according to claim 3, wherein the specific realization of step 3 includes the following sub-steps: Step 3.1: DO _i performs data encryption processing, where the private data is expressed as an n-dimensional vector x _i =(xi _,1 , _xi,2 ,...,xi _,n ), each element in the vector ( xi _{, 1} , xi _{, 2} ,..., xi _{, n} ) are expressed as integers in [0, N], where the label l in the group is a number of n bits long, and the calculation H ₁ (l) is denoted as H , the calculated H _v (l) is recorded as I, and the calculated H ₂ (B ^l ) is recorded as δ; Step 3.2: Calculate Cv _i =v _i ·H _v (l)∈G ₁ ; Step 3.3: Data encryption calculation

Step 3.4: DO _i organizes the ciphertext C _i =(C _i1 , C _i2 , C _i3 , C _i4 )=(Cv _i , _Cxi , H, I) and uploads it to CS. 5. The decentralized data aggregation and sharing method based on safe inner product calculation according to claim 4, wherein the specific implementation of step 4 includes the following sub-steps: Step 4.1: DO _i generates a sub-decryption key through KGC

Send the private key and the vector y _i =(y _i,1 ,y _i,2 ,...,y _i,n ) to the KGC, where the elements in the vector y _i represent integers in [0,N]; Then KGC has y=(y ₁ ||y ₂ ||...||y _m ), where || means that the front and back parts are connected, and the vector y is a vector of n×m length; Step 4.2: KGC calculates <s _i , y _i >+<t _i , y> as

Step 4.3: Calculation

denoted as k _i ; Step 4.4: Organize sub-decryption keys

Step 4.5: KGC respectively decrypts the sub-keys

send to DO _i ; Step 4.6: DO _i assigns the sub-decryption keys to

Upload to CS. 6. The decentralized data aggregation and sharing method based on safe inner product calculation according to claim 5, wherein the specific implementation of step 5 includes the following sub-steps: Step 5.1: CS receives all ciphertexts of DO _i , and then performs verification calculation on the ciphertexts; CS first verifies the ciphertext, checks whether all parties have sent the ciphertext, and verifies the calculation

Whether it is established, verify whether all C _i3 and C _i4 are equal, and if they are equal, set C ₃ =C _i3 , C ₄ =C _i4 for any i, otherwise, they are participants under different labels; if

If it is not established, all participants did not participate in uploading the ciphertext, return to step 3.4, if passed, proceed to the next step: Step 5.2: CS receives all the sub-decryption keys of DO _i , and the sub-decryption keys

authenticating; CS first verifies the calculation

Whether it is true, if not, check whether all participants have uploaded it, if any participant has not uploaded, wait for the upload; if the equation of m sub-decryption keys is still not established, then some participants have not uploaded the sub-decryption key correctly key or maliciously uploaded by a participant, the sharing will be terminated; if passed, continue to the next step: Step 5.3: CS finishing

Get the vector y=(y ₁ ||y ₂ ||...||y _m ). 7. The decentralized data aggregation and sharing method based on safe inner product calculation according to claim 6, wherein the specific implementation of step 6 includes the following sub-steps: Step 6.1: CS calculates the ciphertext of a single participant;

The result after calculating the ciphertext of a single participant is recorded as d _i ; x _i is expressed as an n-dimensional private data vector, x _i =(xi _,1 , _xi,2 ,...,xi _,n ), x _{i, j} is expressed as the jth element in the vector x _i , j∈[1,n]; Step 6.2: CS aggregates the received sub-decryption keys to generate a decryption key dk _y ;

Step 6.3: CS aggregates and calculates the ciphertexts of all participants;

Wherein, encryption key ek _i =s _i ; Step 6.4: CS calculates D ₁ on the aggregation calculation result;

Step 6.5: Calculation

Step 6.6: CS sends the calculation result D ₂ to the participants. 8. The decentralized data aggregation and sharing method based on safe inner product calculation according to claim 7, wherein the specific implementation of step 7 includes the following sub-steps: Step 7.1: The participant calculates the value δ=H ₂ (B ^l ) through the label l; Step 7.2: Calculate D ₂ /δ to get the aggregate inner product value of all participants:

9. A decentralized data aggregation and sharing system based on secure inner product calculation, characterized in that it includes a key generation center KGC, a cloud server CS, and a group of data holders DO _i for secure data aggregation and sharing; when If there are m sharing participants, then DO _i represents the i-th participant. A group of participants negotiated in the system will have the same label l in the group, and only participants with the same label can participate in the sharing and resume output. The result of the final aggregation, i ∈ {1, 2, ..., m}; The system includes the following modules: Module 1, used for KGC to generate initial public parameters; Module 2, used for DO _i to use public parameters and generate private key sk _i interactively; Module 3 is used for DO _i to encrypt and calculate private data through sk _i and then upload the ciphertext to CS; Module 4, for sub-decryption keys generated by KGC

Upload to CS; Module 5, used for CS to verify the ciphertext uploaded by all DO _i with the same label, and to upload the sub-decryption key

Carry out verification to ensure that all participants participate effectively; Module 6, for ciphertext aggregation calculation, aggregation

Calculate and generate the decryption key dk _y , CS then uses dk _y to calculate the aggregated ciphertext, and returns the calculated intermediate value to all DO _i ; Module 7, used to restore the intermediate value returned by CS to obtain the aggregated data result of the safe inner product calculation.

Images