CN113626841B - Multi-party security calculation-based selection problem processing method - Google Patents
Multi-party security calculation-based selection problem processing method Download PDFInfo
- Publication number
- CN113626841B CN113626841B CN202110915009.5A CN202110915009A CN113626841B CN 113626841 B CN113626841 B CN 113626841B CN 202110915009 A CN202110915009 A CN 202110915009A CN 113626841 B CN113626841 B CN 113626841B
- Authority
- CN
- China
- Prior art keywords
- polynomial
- vector
- party
- elements
- single shot
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/10—Complex mathematical operations
- G06F17/16—Matrix or vector computation, e.g. matrix-matrix or matrix-vector multiplication, matrix factorization
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/10—Complex mathematical operations
- G06F17/18—Complex mathematical operations for evaluating statistical data, e.g. average values, frequency distributions, probability functions, regression analysis
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Mathematical Physics (AREA)
- Mathematical Analysis (AREA)
- Computational Mathematics (AREA)
- Mathematical Optimization (AREA)
- Pure & Applied Mathematics (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Algebra (AREA)
- Databases & Information Systems (AREA)
- Evolutionary Biology (AREA)
- Probability & Statistics with Applications (AREA)
- Operations Research (AREA)
- Bioinformatics & Computational Biology (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Life Sciences & Earth Sciences (AREA)
- Computing Systems (AREA)
- Automation & Control Theory (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Image Processing (AREA)
Abstract
本说明书实施例提供基于多方安全计算的选择问题处理方法。通过构造集合X到向量空间的嵌入q,将m个原像P1,P2,...,Pm映射到向量空间,如集合得到对应的向量Q1,Q2,...,Qm,进而将m个原像P1,P2,...,Pm在映射f下的像f(P1),f(P2),...,f(Pm)转换为在多项式g分别以向量Q1,Q2,...,Qm的向量元素为输入时的输出。基于此,通过运行多方安全计算协议,持有映射f的第一方可以获得g(Q1),g(Q2),...,g(Qm)的第一分片作为f(P1),f(P2),...,f(Pm)的第一分片,持有P1,P2,...,Pm的第二方可以获得g(Q1),g(Q2),...,g(Qm)的第二分片作为f(P1),f(P2),...,f(Pm)的第二分片。
The embodiment of this specification provides a method for processing selection problems based on multi-party secure computing. By constructing an embedding q of the set X into the vector space, m original images P 1 , P 2 , ..., P m are mapped to the vector space, such as the set The corresponding vectors Q 1 , Q 2 , ... , Q m are obtained, and then the images f(P 1 ), f(P 2 ), ... , f(P m ) of the m original images P 1 , P 2 , ... , P m under the mapping f are converted into outputs when the polynomial g takes the vector elements of the vectors Q 1 , Q 2 , ... , Q m as inputs respectively. Based on this, by running the multi-party secure computation protocol, the first party holding the mapping f can obtain the first shard of g(Q 1 ), g(Q 2 ),..., g(Q m ) as the first shard of f(P 1 ), f(P 2 ),..., f(P m ), and the second party holding P 1 , P 2 ,..., P m can obtain the second shard of g(Q 1 ), g(Q 2 ),..., g(Q m ) as the second shard of f(P 1 ), f(P 2 ),..., f(P m ).
Description
技术领域Technical Field
本说明书涉及信息技术领域,特别涉及基于多方安全计算的选择问题处理方法。The present invention relates to the field of information technology, and in particular to a method for processing selection problems based on multi-party secure computing.
背景技术Background Art
安全多方计算又称为多方安全计算,即多方共同计算出一个函数的结果,而不泄露这个函数各方的输入数据,计算的结果以和共享形式存储于多方或公开给其中的一方或多方。因此,通过安全多方计算,能够让参与的各方在不暴露各自原始数据的情况下,计算出函数的结果。Secure multi-party computation is also called multi-party secure computation, which means that multiple parties jointly calculate the result of a function without revealing the input data of each party of the function. The result of the calculation is stored in a shared form among multiple parties or disclosed to one or more of the parties. Therefore, through secure multi-party computation, the participating parties can calculate the result of the function without exposing their original data.
一些安全多方计算过程涉及选择问题,所述选择问题可描述为从包含n个元素的集合中选出m个元素(简称n选m问题)。目前,希望提供一种基于多方安全计算的选择问题处理方法。Some secure multi-party computation processes involve selection problems, which can be described as selecting m elements from a set of n elements (referred to as the n-choose-m problem). Currently, it is desirable to provide a method for processing selection problems based on secure multi-party computation.
发明内容Summary of the invention
本说明书实施例之一提供一种基于多方安全计算的选择问题处理方法。其中,安全计算的参与方包括第一方和第二方;第一方持有私密的单射f,单射f为集合X到集合A的单射;第二方持有私密的m个原像P1,P2,…,Pm,m个原像P1,P2,…,Pm均属于集合X,集合X的元素个数为n;第一方和第二方共有单射q,单射q用于将集合X的元素映射到预设的向量空间;所述方法由第一方的设备执行,其包括:获得与单射f和单射q对应的多项式g;其中,多项式g以集合X中任一元素在单射q下的像的各向量元素为输入时的输出等于该元素在单射f下的像;获得多项式h0;第一方获得的多项式h0与第二方获得的线性变换矩阵σ和多项式h1的满足,多项式在线性变换矩阵σ作用下得到的复合多项式的两个分片为多项式h0和多项式h1;其中,所述线性变换矩阵σ用于与向量运算,以改变向量中元素的位置,所述作用使得复合多项式以线性变换矩阵σ和第一向量的运算结果的各向量元素为输入时的输出,等于多项式以所述第一向量的各向量元素为输入时的输出;从第二方的设备接收与Q1,Q2,…,Qm分别对应的其中,Q1,Q2,…,Qm分别为m个原像P1,P2,…,Pm在单射q下的像,中的每个向量为线性变换矩阵σ和Q1,Q2,…,Qm中相应向量的运算结果;计算多项式h0分别以的各向量元素为输入时的输出并基于获得[f(P1),f(P2),…,f(Pm)]的第一分片;获得多项式δg, 并将多项式δg发送给第二方的设备,以使第二方的设备能够获得[f(P1),f(P2),…,f(Pm)]的第二分片。One of the embodiments of the present specification provides a method for processing selection problems based on multi-party secure computing. Participants in the secure computing include a first party and a second party; the first party holds a private single shot f, which is a single shot from set X to set A; the second party holds m private original images P 1 , P 2 ,…, P m , and the m original images P 1 , P 2 ,…, P m all belong to set X, and the number of elements in set X is n; the first party and the second party share a single shot q, which is used to map the elements of set X to a preset vector space; the method is executed by the device of the first party, and includes: obtaining a polynomial g corresponding to the single shot f and the single shot q; wherein the output of the polynomial g when taking each vector element of the image of any element in set X under the single shot q as input is equal to the image of the element under the single shot f; obtaining the polynomial h 0 ; the polynomial obtained by the first square h 0 and the linear transformation matrix σ obtained by the second square and the polynomial h 1 satisfy the polynomial The two slices of the complex polynomial obtained under the action of the linear transformation matrix σ are polynomials h 0 and h 1 ; wherein the linear transformation matrix σ is used for vector operations to change the positions of the elements in the vector, and the action makes the output of the complex polynomial when the vector elements of the operation result of the linear transformation matrix σ and the first vector are input equal to the polynomial output when each vector element of the first vector is used as input; receiving from the second party's device the vectors corresponding to Q 1 , Q 2 , ..., Q m respectively Among them, Q 1 ,Q 2 ,…,Q m are the images of m original images P 1 ,P 2 ,…,P m under the single shot q, Each vector in is the result of the operation of the linear transformation matrix σ and the corresponding vector in Q 1 , Q 2 ,…, Q m ; the calculation polynomial h 0 is respectively The output when each vector element of is input Based on Get the first slice of [f(P 1 ),f(P 2 ),…,f(P m )]; get the polynomial δg, And the polynomial δg is sent to the device of the second party, so that the device of the second party can obtain the second fragment of [f(P 1 ), f(P 2 ), …, f(P m )].
本说明书实施例之一提供一种基于多方安全计算的选择问题处理系统。其中,安全计算的参与方包括第一方和第二方;第一方持有私密的单射f,单射f为集合X到集合A的单射;第二方持有私密的m个原像P1,P2,…,Pm,m个原像P1,P2,…,Pm均属于集合X,集合X的元素个数为n;第一方和第二方共有单射q,单射q用于将集合X的元素映射到预设的向量空间;所述系统在第一方的设备上实现,其包括:第一获得模块,用于获得与单射f和单射q对应的多项式g;其中,多项式g以集合X中任一元素在单射q下的像的各向量元素为输入时的输出等于该元素在单射f下的像;第二获得模块,用于获得多项式h0;第一方获得的多项式h0与第二方获得的线性变换矩阵σ和多项式h1的满足,多项式在线性变换矩阵σ作用下得到的复合多项式的两个分片为多项式h0和多项式h1;其中,所述线性变换矩阵σ用于与向量运算,以改变向量中元素的位置,所述作用使得复合多项式以线性变换矩阵σ和第一向量的运算结果的各向量元素为输入时的输出,等于多项式以所述第一向量的各向量元素为输入时的输出;第一接收模块,用于从第二方的设备接收与Q1,Q2,…,Qm分别对应的其中,Q1,Q2,…,Qm分别为m个原像P1,P2,…,Pm在单射q下的像,中的每个向量为线性变换矩阵σ和Q1,Q2,…,Qm中相应向量的运算结果;第一计算模块,用于计算多项式h0分别以的各向量元素为输入时的输出并基于获得[f(P1),f(P2),…,f(Pm)]的第一分片;第一发送模块,用于获得多项式δg,并将多项式δg发送给第二方的设备,以使第二方的设备能够获得[f(P1),f(P2),…,f(Pm)]的第二分片。One of the embodiments of the present specification provides a selection problem processing system based on multi-party secure computing. Participants in the secure computing include a first party and a second party; the first party holds a private single shot f, and the single shot f is a single shot from set X to set A; the second party holds m private original images P 1 , P 2 ,…, P m , and the m original images P 1 , P 2 ,…, P m all belong to set X, and the number of elements in set X is n; the first party and the second party share a single shot q, and the single shot q is used to map the elements of set X to a preset vector space; the system is implemented on the device of the first party, and includes: a first acquisition module, which is used to obtain a polynomial g corresponding to the single shot f and the single shot q; wherein the output of the polynomial g when taking the vector elements of the image of any element in set X under the single shot q as input is equal to the image of the element under the single shot f; a second acquisition module, which is used to obtain the polynomial h 0 ; the polynomial obtained by the first square h 0 and the linear transformation matrix σ obtained by the second square and the polynomial h 1 satisfy the polynomial The two slices of the complex polynomial obtained under the action of the linear transformation matrix σ are polynomials h 0 and h 1 ; wherein the linear transformation matrix σ is used for vector operations to change the positions of the elements in the vector, and the action makes the output of the complex polynomial when the vector elements of the operation result of the linear transformation matrix σ and the first vector are input equal to the polynomial output when each vector element of the first vector is used as input; a first receiving module, used to receive from the second party's device the data corresponding to Q 1 , Q 2 , ..., Q m respectively Among them, Q 1 ,Q 2 ,…,Q m are the images of m original images P 1 ,P 2 ,…,P m under the single shot q, Each vector in is the result of the operation of the linear transformation matrix σ and the corresponding vector in Q 1 , Q 2 ,…, Q m ; the first calculation module is used to calculate the polynomial h 0 respectively The output when each vector element of is input Based on Obtaining a first slice of [f(P 1 ), f(P 2 ), …, f(P m )]; a first sending module, used to obtain a polynomial δg, And the polynomial δg is sent to the device of the second party, so that the device of the second party can obtain the second fragment of [f(P 1 ), f(P 2 ), …, f(P m )].
本说明书实施例之一提供一种基于多方安全计算的选择问题处理方法。其中,安全计算的参与方包括第一方和第二方;第一方持有私密的单射f,单射f为集合X到集合A的单射;第二方持有私密的m个原像P1,P2,…,Pm,m个原像P1,P2,…,Pm均属于集合X,集合X的元素个数为n;第一方和第二方共有单射q,单射q用于将集合X的元素映射到预设的向量空间;所述方法由第二方的设备执行,其包括:获得m个原像P1,P2,…,Pm在单射q下的像Q1,Q2,…,Qm;获得线性变换矩阵σ和多项式h1;第一方获得的多项式h0与第二方获得的线性变换矩阵σ和多项式h1的满足,多项式在线性变换矩阵σ作用下得到的复合多项式的两个分片为多项式h0和多项式h1;其中,所述线性变换矩阵σ用于与向量运算,以改变向量中元素的位置,所述作用使得复合多项式以线性变换矩阵σ和第一向量的运算结果的各向量元素为输入时的输出,等于多项式以所述第一向量的各向量元素为输入时的输出;计算与Q1,Q2,…,Qm分别对应的并将发送给第一方的设备,以使第一方的设备能够获得[f(P1),f(P2),…,f(Pm)]的第一分片;其中,中的每个向量为线性变换矩阵σ和Q1,Q2,…,Qm中相应向量的运算结果;从第一方的设备接收多项式δg,其中,多项式g以集合X中任一元素在单射q下的像的各向量元素为输入时的输出等于该元素在单射f下的像;计算多项式δg分别以Q1,Q2,…,Qm的各向量元素为输入时的输出δg(Q1),δg(Q2),…,δg(Qm),计算多项式h1分别以的各向量元素为输入时的输出并基于δg(Q1),δg(Q2),…,δg(Qm)和获得[f(P1),f(P2),…,f(Pm)]的第二分片。One of the embodiments of the present specification provides a method for processing selection problems based on multi-party secure computing. Participants in the secure computing include a first party and a second party; the first party holds a private single shot f, which is a single shot from set X to set A; the second party holds m private original images P 1 , P 2 , …, P m , and the m original images P 1 , P 2 , …, P m all belong to set X, and the number of elements in set X is n; the first party and the second party share a single shot q, and the single shot q is used to map the elements of set X to a preset vector space; the method is executed by a device of the second party, and includes: obtaining images Q 1 , Q 2 , …, Q m of the m original images P 1 , P 2 , …, P m under the single shot q; obtaining a linear transformation matrix σ and a polynomial h 1 ; the polynomial obtained by the first party h 0 and the linear transformation matrix σ obtained by the second square and the polynomial h 1 satisfy the polynomial The two slices of the complex polynomial obtained under the action of the linear transformation matrix σ are polynomials h 0 and h 1 ; wherein the linear transformation matrix σ is used for vector operations to change the positions of the elements in the vector, and the action makes the output of the complex polynomial when the vector elements of the operation result of the linear transformation matrix σ and the first vector are input equal to the polynomial The output when each vector element of the first vector is used as input; calculate the corresponding values of Q 1 , Q 2 , …, Q m respectively and will is sent to the device of the first party so that the device of the first party can obtain the first fragment of [f(P 1 ), f(P 2 ), …, f(P m )]; wherein, Each vector in is the result of the operation of the linear transformation matrix σ and the corresponding vector in Q 1 ,Q 2 ,…,Q m ; the polynomial δg is received from the device of the first party, The output of the polynomial g when it takes the vector elements of the image of any element in the set X under the single shot q as input is equal to the image of the element under the single shot f; the output of the polynomial δg when it takes the vector elements of Q 1 ,Q 2 ,…,Q m as input is δg(Q 1 ),δg(Q 2 ),…,δg(Q m ), and the output of the polynomial h 1 ... The output when each vector element of is input Based on δg(Q 1 ),δg(Q 2 ),…,δg(Q m ) and Obtain the second slice of [f(P 1 ),f(P 2 ),…,f(P m )].
本说明书实施例之一提供一种基于多方安全计算的选择问题处理系统。其中,安全计算的参与方包括第一方和第二方;第一方持有私密的单射f,单射f为集合X到集合A的单射;第二方持有私密的m个原像P1,P2,…,Pm,m个原像P1,P2,…,Pm均属于集合X,集合X的元素个数为n;第一方和第二方共有单射q,单射q用于将集合X的元素映射到预设的向量空间;所述系统在第二方的设备上实现,其包括:第三获得模块,用于获得m个原像P1,P2,…,Pm在单射q下的像Q1,Q2,…,Qm;第四获得模块,用于获得线性变换矩阵σ和多项式h1;第一方获得的多项式h0与第二方获得的线性变换矩阵σ和多项式h1的满足,多项式在线性变换矩阵σ作用下得到的复合多项式的两个分片为多项式h0和多项式h1;其中,所述线性变换矩阵σ用于与向量运算,以改变向量中元素的位置,所述作用使得复合多项式以线性变换矩阵σ和第一向量的运算结果的各向量元素为输入时的输出,等于多项式以所述第一向量的各向量元素为输入时的输出;第二发送模块,用于计算与Q1,Q2,…,Qm分别对应的并将发送给第一方的设备,以使第一方的设备能够获得[f(P1),f(P2),…,f(Pm)]的第一分片;其中,中的每个向量为线性变换矩阵σ和Q1,Q2,…,Qm中相应向量的运算结果;第二接收模块,用于从第一方的设备接收多项式δg,其中,多项式g以集合X中任一元素在单射q下的像的各向量元素为输入时的输出等于该元素在单射f下的像;第二计算模块,用于:计算多项式δg分别以Q1,Q2,…,Qm的各向量元素为输入时的输出δg(Q1),δg(Q2),…,δg(Qm),计算多项式h1分别以的各向量元素为输入时的输出并基于δg(Q1),δg(Q2),…,δg(Qm)和获得[f(P1),f(P2),…,f(Pm)]的第二分片。One of the embodiments of the present specification provides a selection problem processing system based on multi-party secure computing. Participants in the secure computing include a first party and a second party; the first party holds a private single shot f, which is a single shot from set X to set A; the second party holds m private original images P 1 , P 2 , …, P m , and the m original images P 1 , P 2 , …, P m all belong to set X, and the number of elements in set X is n; the first party and the second party share a single shot q, and the single shot q is used to map the elements of set X to a preset vector space; the system is implemented on the device of the second party, and includes: a third acquisition module, used to obtain images Q 1 , Q 2 , …, Q m of the m original images P 1 , P 2 , …, P m under the single shot q; a fourth acquisition module, used to obtain a linear transformation matrix σ and a polynomial h 1 ; the polynomial obtained by the first party h 0 and the linear transformation matrix σ obtained by the second square and the polynomial h 1 satisfy the polynomial The two slices of the complex polynomial obtained under the action of the linear transformation matrix σ are polynomials h 0 and h 1 ; wherein the linear transformation matrix σ is used for vector operations to change the positions of the elements in the vector, and the action makes the output of the complex polynomial when the vector elements of the operation result of the linear transformation matrix σ and the first vector are input equal to the polynomial The output when each vector element of the first vector is used as input; the second sending module is used to calculate the corresponding values of Q 1 , Q 2 , ..., Q m respectively and will is sent to the device of the first party so that the device of the first party can obtain the first fragment of [f(P 1 ), f(P 2 ), …, f(P m )]; wherein, Each vector in is the operation result of the linear transformation matrix σ and the corresponding vector in Q 1 , Q 2 ,…, Q m ; the second receiving module is used to receive the polynomial δg from the device of the first party, The output of the polynomial g when taking the vector elements of the image of any element in the set X under the single shot q as input is equal to the image of the element under the single shot f; the second calculation module is used to: calculate the output δg(Q 1 ),δg(Q 2 ),…,δg(Q m ) of the polynomial δg when taking the vector elements of Q 1 ,Q 2 ,…,Q m as input respectively, and calculate the output of the polynomial h 1 when taking the vector elements of Q 1 ,Q 2 ,…,Q m respectively. The output when each vector element of is input Based on δg(Q 1 ),δg(Q 2 ),…,δg(Q m ) and Obtain the second slice of [f(P 1 ),f(P 2 ),…,f(P m )].
本说明书实施例之一提供一种基于多方安全计算的选择问题处理装置。所述装置包括处理器和存储设备,所述存储设备用于存储指令,当所述处理器执行指令时,实现如本说明书任一实施例所述的基于多方安全计算的选择问题处理方法。One of the embodiments of this specification provides a selection problem processing device based on multi-party secure computing. The device includes a processor and a storage device, the storage device is used to store instructions, and when the processor executes the instructions, the selection problem processing method based on multi-party secure computing as described in any embodiment of this specification is implemented.
附图说明BRIEF DESCRIPTION OF THE DRAWINGS
本说明书将以示例性实施例的方式进一步说明,这些示例性实施例将通过附图进行详细描述。这些实施例并非限制性的,在这些实施例中,相同的编号表示相同的结构,其中:This specification will be further described in the form of exemplary embodiments, which will be described in detail by the accompanying drawings. These embodiments are not restrictive, and in these embodiments, the same number represents the same structure, wherein:
图1是根据本说明书一些实施例所示的基于多方安全计算的选择问题处理方法的示例性交互流程图;FIG1 is an exemplary interactive flow chart of a method for processing a selection problem based on multi-party secure computing according to some embodiments of this specification;
图2是根据本说明书一些实施例所示的获得多项式h0,h1以及线性变换矩阵σ的示例性交互示意图;FIG. 2 is a diagram showing how to obtain a polynomial according to some embodiments of the present specification. An exemplary interaction diagram of h 0 ,h 1 and the linear transformation matrix σ;
图3是根据本说明书一些实施例所示的在第一方的设备上实现的基于多方安全计算的选择问题处理系统的示例性模块图;3 is an exemplary module diagram of a selection problem processing system based on multi-party secure computing implemented on a first party's device according to some embodiments of this specification;
图4是根据本说明书一些实施例所示的在第二方的设备上实现的基于多方安全计算的选择问题处理系统的示例性模块图。FIG. 4 is an exemplary module diagram of a selection problem processing system based on multi-party secure computation implemented on a second party's device according to some embodiments of the present specification.
具体实施方式DETAILED DESCRIPTION
为了更清楚地说明本说明书实施例的技术方案,下面将对实施例描述中所需要使用的附图作简单的介绍。显而易见地,下面描述中的附图仅仅是本说明书的一些示例或实施例,对于本领域的普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图将本说明书应用于其它类似情景。除非从语言环境中显而易见或另做说明,图中相同标号代表相同结构或操作。In order to more clearly illustrate the technical solutions of the embodiments of this specification, the following is a brief introduction to the drawings required for the description of the embodiments. Obviously, the drawings described below are only some examples or embodiments of this specification. For ordinary technicians in this field, this specification can also be applied to other similar scenarios based on these drawings without creative work. Unless it is obvious from the language environment or otherwise explained, the same reference numerals in the figures represent the same structure or operation.
应当理解,本文使用的“系统”、“装置”、“单元”和/或“模组”是用于区分不同级别的不同组件、元件、部件、部分或装配的一种方法。然而,如果其他词语可实现相同的目的,则可通过其他表达来替换所述词语。It should be understood that the "system", "device", "unit" and/or "module" used herein are a method for distinguishing different components, elements, parts, portions or assemblies at different levels. However, if other words can achieve the same purpose, the words can be replaced by other expressions.
如本说明书中所示,除非上下文明确提示例外情形,“一”、“一个”、“一种”和/或“该”等词并非特指单数,也可包括复数。一般说来,术语“包括”与“包含”仅提示包括已明确标识的步骤和元素,而这些步骤和元素不构成一个排它性的罗列,方法或者设备也可能包含其它的步骤或元素。As shown in this specification, unless the context clearly indicates an exception, the words "a", "an", "a kind" and/or "the" do not refer to the singular, but also include the plural. Generally speaking, the terms "include" and "comprise" only indicate the inclusion of the steps and elements that have been clearly identified, and these steps and elements do not constitute an exclusive list. The method or device may also include other steps or elements.
本说明书中使用了流程图用来说明根据本说明书的实施例的系统所执行的操作。应当理解的是,前面或后面操作不一定按照顺序来精确地执行。相反,可以按照倒序或同时处理各个步骤。同时,也可以将其他操作添加到这些过程中,或从这些过程移除某一步或数步操作。Flowcharts are used in this specification to illustrate the operations performed by the system according to the embodiments of this specification. It should be understood that the preceding or following operations are not necessarily performed precisely in order. Instead, the steps may be processed in reverse order or simultaneously. At the same time, other operations may also be added to these processes, or one or more operations may be removed from these processes.
在数学中,“群”表示一个满足封闭性、满足结合律、有单位元、有逆元的二元运算的代数结构,包括阿贝尔群、同态和共轭类。其中,通常可以使用乘法符号“*”(在无歧义时可省略)或加法符号“+”作为该二元运算的符号,但需要注意的是,该二元运算不一定等同于四则运算中的乘法或加法。若干元素通过一次或多次二元运算产生的结果可称为合值。In mathematics, a "group" refers to an algebraic structure that satisfies closure, associativity, identity, and inverse binary operations, including Abelian groups, homomorphisms, and conjugation classes. The multiplication symbol "*" (which can be omitted when there is no ambiguity) or the addition symbol "+" can usually be used as the symbol of the binary operation, but it should be noted that the binary operation is not necessarily equivalent to multiplication or addition in the four arithmetic operations. The result of one or more binary operations on several elements can be called a composite value.
群的二元运算满足:1.封闭律,对于G中的任意元素a、b,a*b仍在G中;2.结合律,对于G中的任意元素a、b和c,有(a*b)*c=a*(b*c);3.有单位元(也称作幺元),G中存在元素e,使得a*e=e*a;4.有逆元,对于G中的任一元素a,G中存在b,使得a*b=b*a=e,a、b互为逆元,此处e为单位元。值得说明的是,对于“+”表示的二元运算,e也可称为零元,逆元也可称为负元,对于G中的任意元素a、b,a-b可以表示a+(b的逆元)。群运算的次序很重要,把元素a与元素b结合,所得到的结果不一定与把元素b与元素a结合相同,即交换律a*b=b*a不一定恒成立。满足交换律的群称为阿贝尔群(交换群),不满足交换律的群称为非阿贝尔群(非交换群),阿贝尔群由自身的集合G和二元运算*构成。The binary operation of the group satisfies: 1. The closure law, for any elements a and b in G, a*b is still in G; 2. The associative law, for any elements a, b and c in G, (a*b)*c=a*(b*c); 3. There is an identity element (also called the unit element), there is an element e in G such that a*e=e*a; 4. There is an inverse element, for any element a in G, there is b in G such that a*b=b*a=e, a and b are inverse elements of each other, and e is the identity element here. It is worth noting that for the binary operation represented by "+", e can also be called the zero element, and the inverse element can also be called the negative element. For any elements a and b in G, a-b can represent a+(the inverse element of b). The order of group operations is very important. Combining element a with element b may not necessarily produce the same result as combining element b with element a, that is, the commutative law a*b=b*a may not always hold. A group that satisfies the commutative law is called an Abelian group (commutative group), and a group that does not satisfy the commutative law is called a non-Abelian group (non-commutative group). An Abelian group consists of its own set G and the binary operation *.
在数学中,映射经常等同于函数。例如,假设A和B为两个非空集合,若对A中的每个元素x,依照某种规律(或法则)f,恒有B中的唯一确定的元素y与之对应,则称对应规律f为一个从A到B的映射,A可称作始集,B可称作终集。记作f:A→B,称y为x的像,记作y=f(x),并称x为y的原像,集合A称为映射f的定义域,集合B称为f的陪域。进一步地,若映射f下不同的原像具有不同的像,则称映射f为单射(或入射/嵌入)。换句话说,f为单射,当f(a)=f(b),则a=b(若a≠b,则f(a)≠f(b))。In mathematics, a mapping is often equivalent to a function. For example, suppose A and B are two non-empty sets. If for each element x in A, according to a certain rule (or law) f, there is always a unique element y in B corresponding to it, then the corresponding rule f is called a mapping from A to B, A can be called the initial set, and B can be called the final set. It is denoted as f: A→B, y is called the image of x, denoted as y=f(x), and x is called the preimage of y. Set A is called the domain of the mapping f, and set B is called the codomain of f. Furthermore, if different preimages under the mapping f have different images, then the mapping f is called injective (or incident/embedded). In other words, f is injective, and when f(a)=f(b), then a=b (if a≠b, then f(a)≠f(b)).
进一步地,本说明书涉及一种基于(非负)整数阿贝尔群的商群,其数学表示可以是G:=Z/nZ,其中,Z为(非负)整数集合,n为正整数,“/”左边的Z表示群元素为1的整数倍,“/”右边的nZ表示群的模为n,商群Z/nZ为模以n的余数的n阶循环群。Furthermore, the present specification relates to a quotient group based on a (non-negative) integer Abelian group, whose mathematical representation can be G:=Z/nZ, wherein Z is a (non-negative) integer set, n is a positive integer, the Z on the left side of the "/" indicates that the group elements are integer multiples of 1, and the nZ on the right side of the "/" indicates that the modulus of the group is n, and the quotient group Z/nZ is a cyclic group of order n with remainders modulo n.
值得说明的是,由于计算设备通常使用固定位数(如bit)来存储计算过程中产生的数值,多方协同计算时会频繁使用涉及取模的加法、乘法(以下称为模加法、模乘法)等等。本说明书中,在没有特别说明的情况下,涉及符号的数学表示可优先按模加法、模乘法而非四则运算来理解,相关术语(如求和、和值、相乘、乘积等)也优先按模加法、模乘法而非四则运算来理解。It is worth noting that since computing devices usually use a fixed number of bits (such as bits) to store the values generated during the calculation process, multi-party collaborative calculations frequently use modular addition, multiplication (hereinafter referred to as modular addition, modular multiplication), etc. In this specification, unless otherwise specified, mathematical representations involving symbols can be understood as modular addition and modular multiplication rather than four arithmetic operations, and related terms (such as summation, sum, multiplication, product, etc.) are also understood as modular addition and modular multiplication rather than four arithmetic operations.
在一些分布式场景中,需要多方安全计算得到目标运算结果,其中,安全可以指输出结果的正确性和输入信息、输出信息的保密性。例如,在一些机器学习场景中,一方持有私密的特征数据,另一方持有私密的标签数据。若直接计算关于私密数据(特征数据/标签数据)的目标运算结果时,一旦该目标运算结果被泄露可能导致私密数据被反推出。为此,双方可各自获得私密数据x的一个和共享分片,双方获得的私密数据x的和共享分片的和值即x。然后,双方运行安全计算协议,各自得到目标运算结果f(x)的一个和共享分片。双方获得的目标运算结果f(x)的和共享分片的和值即f(x)。在两方参与的多方安全计算中,攻击者若想获知隐私数据需要得到两方的和共享分片(以下简称分片)。In some distributed scenarios, multi-party secure computation is required to obtain the target operation result, where security can refer to the correctness of the output result and the confidentiality of the input and output information. For example, in some machine learning scenarios, one party holds private feature data and the other party holds private label data. If the target operation result about the private data (feature data/label data) is directly calculated, once the target operation result is leaked, the private data may be deduced. To this end, both parties can each obtain a sum shared shard of the private data x, and the sum of the sum shared shards of the private data x obtained by both parties is x. Then, both parties run the secure computation protocol and each obtain a sum shared shard of the target operation result f(x). The sum of the sum shared shards of the target operation result f(x) obtained by both parties is f(x). In a multi-party secure computation involving two parties, if an attacker wants to know the private data, he needs to obtain the sum shared shards of the two parties (hereinafter referred to as shards).
一些安全多方计算过程涉及选择问题,该选择问题可被描述为从包含n个元素的集合中选出m个元素。该选择问题可等效为:存在映射f和m个原像P1,P2,…,Pm,计算m个原像P1,P2,…,Pm在映射f下的像f(P1),f(P2),…,f(Pm)。其中,映射f为集合X到集合A的映射,所述m个原像P1,P2,…,Pm均属于集合X,集合X的元素个数为n。在一些实施例中,对于群加法和群乘法,集合A可以是阿贝尔群,如Z/nZ。安全计算的参与方包括第一方和第二方,第一方持有私密的映射f,第二方持有私密的m个原像P1,P2,…,Pm。在安全计算过程中,第一方不希望对外暴露私有的f,第二方不希望对外暴露私有的m个原像P1,P2,…,Pm。Some secure multi-party computation processes involve a selection problem, which can be described as selecting m elements from a set containing n elements. The selection problem can be equivalent to: there exists a mapping f and m pre-images P 1 , P 2 , …, P m , and the images f(P 1 ), f(P 2 ), …, f(P m ) of the m pre-images P 1 , P 2 , …, P m under the mapping f are calculated. Wherein, the mapping f is a mapping from set X to set A, and the m pre-images P 1 , P 2 , …, P m all belong to set X, and the number of elements of set X is n. In some embodiments, for group addition and group multiplication, set A can be an Abelian group, such as Z/nZ. The participants in the secure computation include a first party and a second party, the first party holds a private mapping f, and the second party holds a private m pre-images P 1 , P 2 , …, P m . In the secure computing process, the first party does not want to expose the private f to the outside, and the second party does not want to expose the private m pre-images P 1 , P 2 , …, P m to the outside.
仅作为示例,在分布式机器学习场景中,特征方持有大量样本(如包含n个样本)的特征数据,而标签方持有样本的标签数据。训练时需要特征方和标签方将样本对齐,以便能够至少基于n个样本中m个样本(这m个样本属于特征方与标签方共有的)的数据进行训练。具体地,特征方持有所述n个样本的ID和特征数据的对应关系(不妨记为映射f),标签方至少持有所述m个样本的ID(即m个原像P1,P2,…,Pm)和标签数据的对应关系,对于同一个样本,特征方的ID与标签方的ID相同。训练时,标签方需要从特征方拿到所述m个样本的ID对应的特征数据的分片,同时特征方需要拿到所述m个样本的特征数据的分片,但并不知晓这些分片属于哪些样本。可以理解,这里的数据安全包括两方面:一方面,特征方不希望向标签方透露来自映射f的更多信息,换言之特征方仅希望向标签方提供n个样本中m个样本的特征数据的至多部分信息(如分片);另一方面,标签方不希望特征方知道己方持有的m个样本的标签数据具体对应所述n个样本中的哪些样本,即标签方不希望向特征方透露所述m个样本的ID。对于特征数据的分片的分配,需要在保证数据安全的前提下,特征方和标签方通过协同计算各自获得所述m个样本的特征数据的己方分片,即双方需要安全计算m个原像P1,P2,…,Pm在映射f下的像f(P1),f(P2),…,f(Pm)。As an example only, in a distributed machine learning scenario, the feature party holds feature data of a large number of samples (such as n samples), while the label party holds label data of the samples. During training, the feature party and the label party need to align the samples so that training can be performed based on data of at least m samples (these m samples are shared by the feature party and the label party) out of the n samples. Specifically, the feature party holds the correspondence between the IDs and feature data of the n samples (which may be recorded as mapping f), and the label party holds at least the correspondence between the IDs of the m samples (i.e., m original images P 1 , P 2 ,…, P m ) and label data. For the same sample, the ID of the feature party is the same as the ID of the label party. During training, the label party needs to obtain the slices of feature data corresponding to the IDs of the m samples from the feature party, and the feature party needs to obtain the slices of feature data of the m samples, but does not know which samples these slices belong to. It can be understood that the data security here includes two aspects: on the one hand, the feature party does not want to disclose more information from the mapping f to the label party. In other words, the feature party only wants to provide the label party with at most partial information (such as shards) of the feature data of m samples out of n samples; on the other hand, the label party does not want the feature party to know which samples of the n samples the label data of the m samples held by the label party specifically correspond to, that is, the label party does not want to disclose the IDs of the m samples to the feature party. For the allocation of shards of feature data, it is necessary to ensure data security, and the feature party and the label party each obtain their own shards of the feature data of the m samples through collaborative calculation, that is, both parties need to securely calculate the images f(P 1 ), f(P 2 ), …, f(P m ) of the m original images P 1 , P 2 , …, P m under the mapping f.
有鉴于此,本说明书实施例提供一种基于多方安全计算的选择问题处理方法。通过构造集合X到集合的嵌入q,将m个原像P1,P2,…,Pm映射到向量空间,如集合得到对应的向量Q1,Q2,…,Qm,进而将m个原像P1,P2,…,Pm在映射f下的像f(P1),f(P2),…,f(Pm)转换为在多项式g分别以向量Q1,Q2,…,Qm的向量元素为输入时的输出(记为g(Q1),g(Q2),…,g(Qm))。其中,集合为m维且汉明权重为k的向量的集合,所述向量(以下称为0/1向量)的每个向量元素为0或1,Q1,Q2,…,Qm分别为m个原像P1,P2,…,Pm在嵌入q下的像。基于此,通过运行多方安全计算协议,持有映射f的第一方可以获得g(Q1),g(Q2),…,g(Qm)的第一分片作为f(P1),f(P2),…,f(Pm)的第一分片,持有m个原像P1,P2,…,Pm的第二方可以获得g(Q1),g(Q2),…,g(Qm)的第二分片作为f(P1),f(P2),…,f(Pm)的第二分片。In view of this, the embodiment of this specification provides a method for processing selection problems based on multi-party secure computing. Embed q, map the m original images P 1 ,P 2 ,…,P m to the vector space, such as the set The corresponding vectors Q 1 , Q 2 , …, Q m are obtained, and then the images f(P 1 ), f(P 2 ), …, f(P m ) of the m original images P 1 , P 2 , …, P m under the mapping f are converted into the outputs when the polynomial g takes the vector elements of the vectors Q 1 , Q 2 , …, Q m as inputs (denoted as g(Q 1 ), g(Q 2 ), …, g(Q m )). Among them, the set is a set of vectors of m dimensions and Hamming weight k, each vector element of the vector (hereinafter referred to as 0/1 vector) is 0 or 1, and Q 1 , Q 2 , …, Q m are respectively images of m original images P 1 , P 2 , …, P m under embedding q. Based on this, by running the multi-party secure computation protocol, the first party holding the mapping f can obtain the first slice of g(Q 1 ), g(Q 2 ), …, g(Q m ) as the first slice of f(P 1 ), f(P 2 ), …, f(P m ), and the second party holding the m original images P 1 , P 2 , …, P m can obtain the second slice of g(Q 1 ), g(Q 2 ), …, g(Q m ) as the second slice of f(P 1 ), f(P 2 ), …, f(P m ).
图1是根据本说明书一些实施例所示的基于多方安全计算的选择问题处理方法的示例性交互流程图。图1中,后缀为1的步骤由持有私密的映射f的第一方执行,后缀为2步骤由持有私密的m个原像P1,P2,…,Pm的第二方执行。Figure 1 is an exemplary interactive flow chart of a selection problem processing method based on multi-party secure computation according to some embodiments of this specification. In Figure 1, the step with suffix 1 is performed by the first party holding the secret mapping f, and the step with suffix 2 is performed by the second party holding the secret m original images P 1 , P 2 , ..., P m .
步骤110-1,获得与映射f和嵌入q对应的多项式g。Step 110 - 1 , obtaining a polynomial g corresponding to the mapping f and the embedding q.
步骤110-2,获得m个原像P1,P2,…,Pm在嵌入q下的像Q1,Q2,…,Qm。Step 110 - 2 , obtaining images Q 1 , Q 2 , …, Q m of m original images P 1 , P 2 , …, P m under embedding q.
其中,嵌入q为第一方和第二方共有,即嵌入q是第一方和第二方的公共知识。嵌入q也即单射q,根据单射的定义可知,单射必定满足终集元素数量不小于始集元素数量。因此,对于集合X到集合的嵌入q,满足集合的元素数量不小于集合X的元素个数n,即关于映射f和嵌入q的更多细节,可以参考前文的相关描述。Among them, embedding q is shared by the first party and the second party, that is, embedding q is the common knowledge of the first party and the second party. Embedding q is also an injection q. According to the definition of an injection, an injection must satisfy that the number of elements in the final set is not less than the number of elements in the initial set. Therefore, for the set X to the set The embedding q satisfies the set The number of elements in is not less than the number of elements n in set X, that is, For more details about the mapping f and embedding q, please refer to the previous description.
多项式g属于多项式集合A[x1,x2,…,xm]k,多项式集合A[x1,x2,…,xm]k中的多项式具有以下特点:1.属于m元k次的齐次多项式,x1,x2,…,xm即表示多项式的m个输入元素;2.每个单项式的系数均为集合A中的元素。为了便于理解,多项式集合A[x1,x2,…,xm]k中多项式(以下简称目标多项式)的结构可以用以下数学形式来表达:The polynomial g belongs to the polynomial set A[x 1 ,x 2 ,…,x m ] k . The polynomials in the polynomial set A[x 1 ,x 2 ,…,x m ] k have the following characteristics: 1. They are homogeneous polynomials of m-ary kth degree, and x 1 ,x 2 ,…,x m represent the m input elements of the polynomial; 2. The coefficients of each monomial are all elements in the set A. For ease of understanding, the structure of the polynomials in the polynomial set A[x 1 ,x 2 ,…,x m ] k (hereinafter referred to as target polynomials) can be expressed in the following mathematical form:
其中,即单项式的系数,此系数是集合A中的元素。每个单项式可通过从多项式的m个输入元素x1,x2,…,xm选择k个输入元素得到,故每个目标多项式由个单项式组成。in, Monomial The coefficients are elements in the set A. Each monomial can be obtained by selecting k input elements from the m input elements x 1 ,x 2 ,…,x m of the polynomial, so each target polynomial is given by It consists of monomials.
集合中m维的0/1向量的各向量元素正好可以作为目标多项式的输入,而且集合中0/1向量的汉明权重为k(即0/1向量中有且仅有k个向量元素为1),结合目标多项式的结构可知:多项式g以集合X中任一元素(记为P)在嵌入q下的像(即集合中的0/1向量,记为Q)的各向量元素为输入时的输出(记为g(Q))等于多项式g的某个单项式的系数,该系数是集合A中的元素。gather Each vector element of the m-dimensional 0/1 vector can be used as the input of the target polynomial, and the set The Hamming weight of the 0/1 vector is k (that is, there are only k vector elements in the 0/1 vector that are 1). Combined with the structure of the target polynomial, we can see that the polynomial g is the image of any element in the set X (denoted as P) under the embedding q (that is, the set The output (denoted as g(Q)) when each vector element of the 0/1 vector in (denoted as Q) is input is equal to the coefficient of a monomial of the polynomial g, which is an element in the set A.
基于此,找到了一种将f(P)转换为g(Q)来计算的思路。具体地,与映射f和嵌入q对应的多项式g可满足:多项式g以集合X中任一元素(记为P)在单射q下的像(记为Q)的各向量元素为输入时的输出(记为g(Q))等于该元素在单射f下的像(记为f(P)),即g(Q)=f(P)。Based on this, we found a way to convert f(P) into g(Q) for calculation. Specifically, the polynomial g corresponding to the mapping f and the embedding q satisfies: the output (denoted as g(Q)) of the polynomial g when it takes the vector elements of the image (denoted as Q) of any element in the set X (denoted as P) under the single shot q is equal to the image of the element under the single shot f (denoted as f(P)), that is, g(Q) = f(P).
在一些实施例中,为了确保多项式g的输出的所有取值可能能够覆盖映射f下的像的所有取值可能(不超过集合A的元素个数,记为|A|),多项式g的单项式个数(即单项式系数的个数,为)可以大于或等于集合A的元素个数,即 In some embodiments, in order to ensure that all possible values of the output of the polynomial g can cover all possible values of the image under the mapping f (not exceeding the number of elements in the set A, denoted as |A|), the number of monomials of the polynomial g (that is, the number of monomial coefficients, is ) can be greater than or equal to the number of elements in set A, that is,
多项式集合A[x1,x2,…,xm]k具备一些数学性质,使得将f(P)转换为g(Q)之后可以通过适当的数学变换来获得g(Q)的分片,当然,g(Q)的分片即可作为f(P)的分片,具体细节参考后文的相关描述。The polynomial set A[x 1 ,x 2 ,…,x m ] k has some mathematical properties, so that after converting f(P) to g(Q), the slices of g(Q) can be obtained through appropriate mathematical transformation. Of course, the slices of g(Q) can be used as the slices of f(P). For specific details, please refer to the relevant description below.
步骤120-1,获得多项式h0。Step 120-1, obtain the polynomial h 0 .
步骤120-2,获得线性变换矩阵σ和多项式h1。Step 120 - 2 , obtaining a linear transformation matrix σ and a polynomial h 1 .
第一方获得的多项式h0与第二方获得的线性变换矩阵σ和多项式h1可以满足下面将详细说明此关系的由来。The first square obtains the polynomial h 0 and the linear transformation matrix σ and polynomial h 1 obtained by the second square can satisfy The origin of this relationship is explained in detail below.
首先介绍的数学含义。表示多项式在线性变换矩阵σ作用下得到的复合多项式。线性变换矩阵σ与向量进行运算,如矩阵相乘,时,可以改变向量中元素的位置,σ-1表示线性变换矩阵σ的逆矩阵,其与前述运算的结果再次运算时,可以还原元素的位置,得到所述向量。所述作用使得:复合多项式以线性变换矩阵σ和第一向量的矩阵乘积的各向量元素为输入时的输出,等于多项式以所述第一向量的各向量元素为输入时的输出。为了便于理解线性变换矩阵对多项式的作用,不妨令第一向量为V(现以列向量为例进行阐述),线性变换矩阵σ和第一向量的矩阵乘积为向量即将的各向量元素作为输入代入复合多项式可以得到以V的各向量元素作为输入的多项式即换言之,将线性变换矩阵σ的逆矩阵σ-1和第二向量(不妨记为列向量Y)的矩阵乘积(即σ-1Y)的各向量元素作为输入代入多项式可以得到以Y的各向量元素作为输入的多项式即 First, let’s introduce The mathematical meaning of . Representing polynomials The composite polynomial obtained under the action of the linear transformation matrix σ. When the linear transformation matrix σ is operated with the vector, such as matrix multiplication, the position of the elements in the vector can be changed. σ -1 represents the inverse matrix of the linear transformation matrix σ. When it is operated again with the result of the previous operation, the position of the elements can be restored to obtain the vector. The action makes the output of the composite polynomial when the vector elements of the matrix product of the linear transformation matrix σ and the first vector are taken as input equal to the polynomial The output when the vector elements of the first vector are input. To facilitate understanding of the effect of the linear transformation matrix on the polynomial, let the first vector be V (now take the column vector as an example), and the matrix product of the linear transformation matrix σ and the first vector is the vector Right now Will Substitute the vector elements of as input into the composite polynomial We can get a polynomial with each vector element of V as input Right now In other words, the inverse matrix σ -1 of the linear transformation matrix σ and the matrix product of the second vector (which may be recorded as column vector Y) (i.e., σ -1 Y) are substituted as input into the polynomial You can get a polynomial with each vector element of Y as input Right now
需要说明的是,基于若多项式g属于多项式集合A[x1,x2,…,xm]k,则复合多项式也属于该集合;对于模加法,多项式集合A[x1,x2,…,xm]k可构成群,故可将该集合中的多项式拆分成两个分片,即多项式h0和多项式h1(这两个分片也属于该集合)。实际上,计算机可以通过存储一个多项式的各个单项式系数来存储该多项式,相应地计算机可以通过对单项式系数进行运算来实现对多项式的运算。It should be noted that based on If a polynomial g belongs to the set of polynomials A[x 1 ,x 2 ,…,x m ] k , then the composite polynomial also belongs to this set; for modular addition, the polynomial set A[x 1 ,x 2 ,…,x m ] k can form a group, so the polynomials in this set can be Split into two pieces, namely, polynomial h 0 and polynomial h 1 (these two pieces also belong to the set). In fact, a computer can store a polynomial by storing its individual monomial coefficients, and accordingly, a computer can perform operations on the polynomial by performing operations on the monomial coefficients.
关于步骤120-1和步骤120-2的具体实现方式,可以参考图2及其相关描述。For the specific implementation of step 120 - 1 and step 120 - 2 , please refer to FIG. 2 and its related description.
步骤130-1,计算多项式δg,并将多项式δg发送给第二方的设备。Step 130 - 1 , calculating the polynomial δg, and sending the polynomial δg to the device of the second party.
其中,第一方的设备获得多项式g和多项式后,可以在本地计算δg。进而,第一方的设备可以将多项式δg发送给第二方的设备,以使第二方的设备能够获得g(Q1),g(Q2),…,g(Qm)的第二分片作为f(P1),f(P2),…,f(Pm)的第二分片。in, The first party device obtains the polynomial g and the polynomial Then, δg can be calculated locally. Then, the first party's device can send the polynomial δg to the second party's device, so that the second party's device can obtain the second fragment of g(Q 1 ), g(Q 2 ), …, g(Q m ) as the second fragment of f(P 1 ), f(P 2 ), …, f(P m ).
步骤130-2,计算并将发送给第一方的设备。Step 130-2, calculate and will Sent to the first party's device.
其中,第二方的设备获得线性变换矩阵σ和Q1,Q2,…,Qm后,可以在本地计算进而,第二方的设备可以将发送给第一方的设备,以使第一方的设备能够获得g(Q1),g(Q2),…,g(Qm)的第一分片作为f(P1),f(P2),…,f(Pm)的第一分片。in, After the second-party device obtains the linear transformation matrix σ and Q 1 ,Q 2 ,…,Q m , it can calculate locally Then, the second party's device can The first party device is sent to the first party device so that the first party device can obtain the first fragment of g(Q 1 ), g(Q 2 ), …, g(Q m ) as the first fragment of f(P 1 ), f(P 2 ), …, f(P m ).
步骤140-1,从第二方的设备接收 Step 140-1, receiving from the second party's device
步骤150-1,计算多项式h0分别以的各向量元素为输入时的输出并基于获得f(Q1),f(Q2),…,f(Qm)的第一分片。Step 150-1, calculate the polynomial h 0 respectively The output when each vector element of is input Based on Obtain the first fragment of f(Q 1 ), f(Q 2 ), …, f(Q m ).
在一些实施例中,第一方的设备可以直接将作为g(Q1),g(Q2),…,g(Qm)的第一分片,即获得f(P1),f(P2),…,f(Pm)的第一分片。相应地,第二方的设备可以计算得到g(Q1),g(Q2),…,g(Qm)的第二分片,即获得f(P1),f(P2),…,f(Pm)的第二分片。In some embodiments, the first party's device may directly As the first fragment of g(Q 1 ), g(Q 2 ), …, g(Q m ), the first fragment of f(P 1 ), f(P 2 ), …, f(P m ) is obtained. Accordingly, the second party's device can calculate The second slices of g(Q 1 ), g(Q 2 ), …, g(Q m ) are obtained, that is, the second slices of f(P 1 ), f(P 2 ), …, f(P m ) are obtained.
步骤140-2,从第一方的设备接收多项式δg。Step 140 - 2 : Receive polynomial δg from the first party's device.
步骤150-2,计算多项式δg分别以Q1,Q2,…,Qm的各向量元素为输入时的输出δg(Q1),δg(Q2),…,δg(Qm),计算多项式h1分别以的各向量元素为输入时的输出基于δg(Q1),δg(Q2),…,δg(Qm)和获得f(Q1),f(Q2),…,f(Qm)的第二分片。Step 150-2, calculate the outputs δg(Q 1 ), δg(Q 2 ), …, δg(Q m ) of the polynomial δg when the vector elements of Q 1 , Q 2 , …, Q m are used as inputs, and calculate the polynomial h 1 when the vector elements of Q 1 , Q 2 , …, Q m are used as inputs. The output when each vector element of is input Based on δg(Q 1 ),δg(Q 2 ),…,δg(Q m ) and Obtain the second fragment of f(Q 1 ), f(Q 2 ), …, f(Q m ).
在一些实施例中,第二方的设备可以计算 得到g(Q1),g(Q2),…,g(Qm)的第二分片,即获得f(P1),f(P2),…,f(Pm)的第二分片。相应地,第一方的设备可以将作为g(Q1),g(Q2),…,g(Qm)的第一分片,即获得f(P1),f(P2),…,f(Pm)的第一分片。In some embodiments, the second party's device may calculate The second fragments of g(Q 1 ), g(Q 2 ), …, g(Q m ) are obtained, that is, the second fragments of f(P 1 ), f(P 2 ), …, f(P m ) are obtained. Accordingly, the first party's device can As the first fragment of g(Q 1 ), g(Q 2 ), …, g(Q m ), the first fragment of f(P 1 ), f(P 2 ), …, f(P m ) is obtained.
可以理解,基于即g(Q)=δg(Q)+h0(σQ)+h1(σQ),可以对本说明书中示例的计算g(Q)的分片的具体方式进行适当调整,调整后的实施例依然在本说明书范围内。仅作为示例,第一方的设备可以计算得到g(Q1)的第一分片,第二方的设备可以计算得到g(Q1)的第二分片,其中,k是第一方和第二方的公共知识。Understandably, based on That is, g(Q) = δg(Q) + h 0 (σQ) + h 1 (σQ). The specific method of calculating g(Q) in the example of this specification can be appropriately adjusted, and the adjusted embodiment is still within the scope of this specification. As an example only, the first party's device can calculate After obtaining the first fragment of g(Q 1 ), the second party's device can calculate A second slice of g(Q 1 ) is obtained, where k is the common knowledge of the first party and the second party.
回顾前述内容,第一向量V也可以为行向量,则有将行向量的各向量元素作为输入代入复合多项式可得到以行向量V的各向量元素为输入的多项式即相应地,无论第一向量是行向量还是列向量,线性变换矩阵σ的逆矩阵σ-1对多项式g的作用都使得复合多项式以线性变换矩阵σ和第一向量的矩阵乘积的各向量元素为输入时的输出,等于多项式以所述第一向量的各向量元素为输入时的输出,区别仅在于相关的矩阵(如σ、σ-1)是左乘向量还是右乘向量。Recalling the above content, the first vector V can also be a row vector, then we have The row vector Substitute the vector elements of as input into the composite polynomial The polynomial with each vector element of the row vector V as input can be obtained Right now Accordingly, Regardless of whether the first vector is a row vector or a column vector, the effect of the inverse matrix σ -1 of the linear transformation matrix σ on the polynomial g makes the output of the composite polynomial when it takes the vector elements of the matrix product of the linear transformation matrix σ and the first vector as input equal to the polynomial The output when each vector element of the first vector is used as input only differs in whether the relevant matrix (such as σ, σ −1 ) is a left-multiplied vector or a right-multiplied vector.
在一些实施例中,线性变换矩阵σ可以是矩阵元素为0或1的可逆矩阵(可称作可逆的0/1矩阵),这样的可逆矩阵可以通过伪随机函数或者随机变换单位矩阵的行和/或列来获得。鉴于线性变换矩阵σ会与向量Q间产生运算,而向量Q本来就是向量元素为0或1(即每个向量元素占用1bit)的向量,若采用矩阵元素为0或1(即每个矩阵元素占用1bit)的线性变换矩阵σ,则计算出的的每个向量元素也可以用1bit来存储,可以最大程度地节省传输(参见步骤130-2)产生的通信量。In some embodiments, the linear transformation matrix σ may be a reversible matrix (referred to as a reversible 0/1 matrix) whose matrix elements are 0 or 1. Such a reversible matrix may be obtained by a pseudo-random function or by randomly transforming the rows and/or columns of the identity matrix. Since the linear transformation matrix σ will generate an operation with the vector Q, and the vector Q is originally a vector whose vector elements are 0 or 1 (i.e., each vector element occupies 1 bit), if the linear transformation matrix σ whose matrix elements are 0 or 1 (i.e., each matrix element occupies 1 bit) is used, the calculated Each vector element can also be stored with 1 bit, which can save transmission to the greatest extent. (See step 130-2) The generated communication volume.
图2是根据本说明书一些实施例所示的获得多项式h0,h1以及线性变换矩阵σ的示例性交互示意图。FIG. 2 is a diagram showing how to obtain a polynomial according to some embodiments of the present specification. An exemplary interaction diagram of h 0 , h 1 and the linear transformation matrix σ.
如图2所示,参与安全计算的两方可以在第三方设备的协助下获得多项式h0,h1以及线性变换矩阵σ。首先,第三方设备能够获得满足的多项式h0,h1以及线性变换矩阵σ,进而将多项式h0发送给第一方的设备,将多项式h1和线性变换矩阵σ发送给第二方的设备。As shown in Figure 2, the two parties involved in the secure computation can obtain the polynomial with the assistance of a third-party device. h 0 ,h 1 and the linear transformation matrix σ. First, the third-party device can obtain The polynomial h 0 ,h 1 and the linear transformation matrix σ, and then transform the polynomial h 0 is sent to the first party's device, and the polynomial h 1 and the linear transformation matrix σ are sent to the second party's device.
为了节省通信量,可以利用伪随机函数生成多项式h0,h1以及线性变换矩阵σ中的一个或多个数据。伪随机函数接受种子作为输入以随机生成数值(可控制在一定大小范围内,如集合A内)或其他类型的数据(如可逆矩阵),当种子固定时,可以生成固定的数值或固定值的其他类型数据。基于此,对于多项式h0,h1以及线性变换矩阵σ中的任一数据,安全计算的参与方可以与第三方设备提前约定好种子,以在不通信的情况下利用伪随机函数生成相同(相等)的该数据。In order to save communication traffic, a pseudo-random function can be used to generate polynomials h 0 ,h 1 and one or more data in the linear transformation matrix σ. The pseudo-random function accepts a seed as input to randomly generate a value (which can be controlled within a certain size range, such as within the set A) or other types of data (such as a reversible matrix). When the seed is fixed, a fixed value or other types of data with a fixed value can be generated. Based on this, for the polynomial For any data in h 0 ,h 1 and the linear transformation matrix σ, the participants in the secure computing can agree on a seed in advance with the third-party device to generate the same (equal) data using a pseudo-random function without communication.
例如,通过提前约定好种子,第一方的设备和第三方设备可以利用伪随机函数生成多项式的单项式系数以获得多项式利用伪随机函数生成多项式h0的单项式系数以获得多项式h0。相应地,通过提前约定好种子,第二方的设备和第三方设备可以利用伪随机函数生成可逆的线性变换矩阵σ。第三方设备生成多项式h0以及线性变换矩阵σ后,可以基于 计算(如按计算)多项式h1并将多项式h1发送给第二方的设备。For example, by agreeing on a seed in advance, the first-party device and the third-party device can use a pseudo-random function to generate a polynomial The monomial coefficients of the polynomial The polynomial coefficients of the polynomial h 0 are generated using a pseudo-random function to obtain the polynomial h 0 . Accordingly, by agreeing on a seed in advance, the second-party device and the third-party device can generate a reversible linear transformation matrix σ using a pseudo-random function. The third-party device generates the polynomial h 0 and the linear transformation matrix σ, we can Calculate (if ) calculate the polynomial h 1 and send the polynomial h 1 to the device of the second party.
又如,通过提前约定好种子,第二方的设备和第三方设备可以利用伪随机函数生成多项式h1的单项式系数以获得多项式h1,以及利用伪随机函数生成可逆的线性变换矩阵σ。相应地,通过提前约定好种子,第一方的设备和第三方设备可以利用伪随机函数生成多项式的单项式系数以获得多项式第三方设备生成多项式h1以及线性变换矩阵σ后,可以基于计算(如按计算)多项式h0并将多项式h0发送给第一方的设备。For another example, by agreeing on a seed in advance, the second party's device and the third party's device can use a pseudo-random function to generate the monomial coefficients of the polynomial h 1 to obtain the polynomial h 1 , and use a pseudo-random function to generate a reversible linear transformation matrix σ. Accordingly, by agreeing on a seed in advance, the first party's device and the third party's device can use a pseudo-random function to generate the polynomial The monomial coefficients of the polynomial Third-party device generator polynomial h 1 and the linear transformation matrix σ, we can Calculate (if ) calculate the polynomial h 0 and send the polynomial h 0 to the device of the first party.
在一些实施例中,也可以由第一方和/或第二方的设备生成多项式h0,h1以及线性变换矩阵σ中的一个或多个数据,并将生成的一个或多个数据发送给第三方设备,以便第三方设备基于第一方和/或第二方已提供的数据以及计算多项式h0,h1以及线性变换矩阵σ中待计算的数据。通常,多项式h0和多项式h1中至少有一个多项式需要由第三方设备计算单项式系数并将计算的单项式系数发送给相应方的设备。In some embodiments, the polynomial may also be generated by the first party and/or the second party's device h 0 ,h 1 and one or more data in the linear transformation matrix σ, and send the generated one or more data to the third-party device, so that the third-party device can be based on the data provided by the first party and/or the second party and Evaluating Polynomials h 0 ,h 1 and the data to be calculated in the linear transformation matrix σ. Usually, at least one of the polynomials h 0 and h 1 needs to have its monomial coefficients calculated by a third-party device and the calculated monomial coefficients sent to the device of the corresponding party.
在一些实施例中,对于固定的映射f,可以进行多轮安全计算,每一轮次安全计算一组原像(每组包括m个原像P1,P2,…,Pm)在映射f下的像f(P1),f(P2),…,f(Pm)。例如,在前文介绍的分布式机器学习场景中,假设标签方持有27个样本的标签数据,标签方可以将这27个样本分成4组,每组25个样本。即,特征方和标签方可以进行4轮安全计算,每一轮次安全计算25个样本的ID对应的特征数据的分片。In some embodiments, for a fixed mapping f, multiple rounds of secure computation may be performed, and each round securely computes the images f(P 1 ), f(P 2 ), …, f(P m ) of a group of original images (each group includes m original images P 1 , P 2 , …, P m ) under the mapping f. For example, in the distributed machine learning scenario described above, assuming that the label party holds the label data of 2 7 samples, the label party may divide the 2 7 samples into 4 groups, each with 2 5 samples. That is, the feature party and the label party may perform 4 rounds of secure computation, and each round securely computes the shards of the feature data corresponding to the IDs of the 2 5 samples.
值得说明的是,当映射f不变时,再固定嵌入q可使与映射f和嵌入q对应的多项式g也不变,进一步固定多项式可使多项式δg也不变。因此,多轮安全计算中可以只传输一次多项式δg。It is worth noting that when the mapping f remains unchanged, fixing the embedding q can make the polynomial g corresponding to the mapping f and the embedding q unchanged. Further fixing the polynomial The polynomial δg can also remain unchanged. Therefore, the polynomial δg can be transmitted only once in multiple rounds of secure computing.
相比直接安全计算所有原像在映射f下的像,将所有原像分成若干组并进行多轮安全计算的做法可以获得一个较小的m,小的m可以降低一系列数据(如向量P和Q、矩阵σ、单个多项式包含的单项式个数)的维度,因此可以缓解计算过程中的存储压力和处理压力。Compared with directly and securely calculating the images of all original images under the mapping f, dividing all original images into several groups and performing multiple rounds of secure calculations can obtain a smaller m. A small m can reduce the dimensions of a series of data (such as vectors P and Q, matrix σ, and the number of monomials contained in a single polynomial), thereby alleviating the storage and processing pressures during the calculation process.
应当注意的是,上述有关流程的描述仅仅是为了示例和说明,而不限定本说明书的适用范围。对于本领域技术人员来说,在本说明书的指导下可以对流程进行各种修正和改变。然而,这些修正和改变仍在本说明书的范围之内。It should be noted that the above description of the relevant process is only for example and explanation, and does not limit the scope of application of this specification. For those skilled in the art, various modifications and changes can be made to the process under the guidance of this specification. However, these modifications and changes are still within the scope of this specification.
图3是根据本说明书一些实施例所示的基于多方安全计算的选择问题处理系统的示例性模块图。系统300可以在第一方的设备上实现。如图3所示,系统300可以包括第一获得模块310、第二获得模块320、第一接收模块330、第一计算模块340和第一发送模块350。FIG3 is an exemplary module diagram of a selection problem processing system based on multi-party secure computation according to some embodiments of this specification. System 300 can be implemented on a first party's device. As shown in FIG3 , system 300 may include a first obtaining module 310, a second obtaining module 320, a first receiving module 330, a first calculating module 340, and a first sending module 350.
第一获得模块310可以用于获得与单射f和单射q对应的多项式g。The first obtaining module 310 may be used to obtain a polynomial g corresponding to the single shot f and the single shot q.
第二获得模块320可以用于获得多项式h0。The second obtaining module 320 can be used to obtain the polynomial h 0 .
第一接收模块330可以用于从第二方的设备接收 The first receiving module 330 may be used to receive data from a device of the second party.
第一计算模块340可以用于计算多项式h0分别以的各向量元素为输入时的输出 The first calculation module 340 can be used to calculate the polynomial h 0 respectively as The output when each vector element of is input
第一发送模块350可以用于获得多项式δg,并将多项式δg发送给第二方的设备,以使第二方的设备能够获得f(P1),f(P2),…,f(Pm)的第二分片。The first sending module 350 may be used to obtain the polynomial δg, and send the polynomial δg to the second party's device, so that the second party's device can obtain the second fragment of f(P 1 ), f(P 2 ), …, f(P m ).
图4是根据本说明书一些实施例所示的基于多方安全计算的选择问题处理系统的示例性模块图。系统400可以在第一方的设备上实现。如图4所示,系统400可以包括第三获得模块410、第四获得模块420、第二发送模块430、第二接收模块440和第二计算模块450。FIG4 is an exemplary module diagram of a selection problem processing system based on multi-party secure computation according to some embodiments of this specification. System 400 can be implemented on a first party's device. As shown in FIG4 , system 400 may include a third obtaining module 410, a fourth obtaining module 420, a second sending module 430, a second receiving module 440, and a second computing module 450.
第三获得模块410可以用于获得m个原像P1,P2,…,Pm在单射q下的像Q1,Q2,…,Qm。The third obtaining module 410 may be used to obtain images Q 1 , Q 2 , ..., Q m of m original images P 1 , P 2 , ..., P m under a single shot q.
第四获得模块420可以用于获得线性变换矩阵σ和多项式h1。The fourth obtaining module 420 may be used to obtain a linear transformation matrix σ and a polynomial h 1 .
第二发送模块430可以用于计算并将发送给第一方的设备。The second sending module 430 can be used to calculate and will Sent to the first party's device.
第二接收模块440可以用于从第一方的设备接收多项式δg。The second receiving module 440 may be configured to receive the polynomial δg from a device of the first party.
第二计算模块450可以用于计算多项式δg分别以Q1,Q2,…,Qm的各向量元素为输入时的输出δg(Q1),δg(Q2),…,δg(Qm),计算多项式h1分别以的各向量元素为输入时的输出基于δg(Q1),δg(Q2),…,δg(Qm)和获得f(Q1),f(Q2),…,f(Qm)的第二分片。The second calculation module 450 can be used to calculate the outputs δg(Q 1 ), δg(Q 2 ), …, δg(Q m ) of the polynomial δg when the vector elements of Q 1 , Q 2 , …, Q m are used as inputs, and calculate the outputs δg(Q 1 ), δg(Q 2 ), …, δg(Q m ) of the polynomial h 1 when the vector elements of Q 1 , Q 2 , …, Q m are used as inputs. The output when each vector element of is input Based on δg(Q 1 ),δg(Q 2 ),…,δg(Q m ) and Obtain the second fragment of f(Q 1 ), f(Q 2 ), …, f(Q m ).
关于系统300、400及其模块的更多细节,可以参考流程100及其相关描述。For more details about the systems 300 , 400 and their modules, please refer to the process 100 and its related description.
应当理解,图3、4所示的系统及其模块可以利用各种方式来实现。例如,在一些实施例中,系统及其模块可以通过硬件、软件或者软件和硬件的结合来实现。其中,硬件部分可以利用专用逻辑来实现;软件部分则可以存储在存储器中,由适当的指令执行系统,例如微处理器或者专用设计硬件来执行。本领域技术人员可以理解上述的方法和系统可以使用计算机可执行指令和/或包含在处理器控制代码中来实现,例如在诸如磁盘、CD或DVD-ROM的载体介质、诸如只读存储器(固件)的可编程的存储器或者诸如光学或电子信号载体的数据载体上提供了这样的代码。本说明书的系统及其模块不仅可以有诸如超大规模集成电路或门阵列、诸如逻辑芯片、晶体管等的半导体、或者诸如现场可编程门阵列、可编程逻辑设备等的可编程硬件设备的硬件电路实现,也可以用例如由各种类型的处理器所执行的软件实现,还可以由上述硬件电路和软件的结合(例如,固件)来实现。It should be understood that the systems and modules shown in Figures 3 and 4 can be implemented in various ways. For example, in some embodiments, the system and its modules can be implemented by hardware, software, or a combination of software and hardware. Among them, the hardware part can be implemented using dedicated logic; the software part can be stored in a memory and executed by an appropriate instruction execution system, such as a microprocessor or dedicated design hardware. Those skilled in the art will understand that the above methods and systems can be implemented using computer executable instructions and/or included in processor control codes, such as carrier media such as disks, CDs or DVD-ROMs, programmable memories such as read-only memories (firmware), or data carriers such as optical or electronic signal carriers. Such codes are provided on the system and its modules of this specification. Not only can the hardware circuits such as ultra-large-scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc. be implemented, they can also be implemented with software such as executed by various types of processors, and can also be implemented by a combination of the above hardware circuits and software (e.g., firmware).
需要注意的是,以上对于系统及其模块的描述,仅为描述方便,并不能把本说明书限制在所举实施例范围之内。可以理解,对于本领域的技术人员来说,在了解系统的原理后,可能在不背离这一原理的情况下,对各个模块进行任意组合,或者构成子系统与其他模块连接。例如,在一些实施例中,第一获得模块310和第二获得模块320可以是两个模块,也可以合并为一个模块。诸如此类的变形,均在本说明书的保护范围之内。It should be noted that the above description of the system and its modules is only for convenience of description and cannot limit this specification to the scope of the embodiments. It is understandable that for those skilled in the art, after understanding the principle of the system, it is possible to arbitrarily combine the modules or form a subsystem to connect with other modules without deviating from this principle. For example, in some embodiments, the first acquisition module 310 and the second acquisition module 320 can be two modules or can be combined into one module. Such variations are all within the scope of protection of this specification.
本说明书实施例可能带来的有益效果包括但不限于:提供了基于多方安全计算的n选m问题处理方法,可以保护计算双方的数据隐私。需要说明的是,不同实施例可能产生的有益效果不同,在不同的实施例里,可能产生的有益效果可以是以上任意一种或几种的组合,也可以是其他任何可能获得的有益效果。The beneficial effects that may be brought about by the embodiments of this specification include but are not limited to: providing a method for processing the n-choose-m problem based on multi-party secure computing, which can protect the data privacy of both parties of the computing. It should be noted that different embodiments may produce different beneficial effects. In different embodiments, the beneficial effects that may be produced may be any one or a combination of the above, or any other possible beneficial effects.
上文已对基本概念做了描述,显然,对于本领域技术人员来说,上述详细披露仅仅作为示例,而并不构成对本说明书实施例的限定。虽然此处并没有明确说明,本领域技术人员可能会对本说明书实施例进行各种修改、改进和修正。该类修改、改进和修正在本说明书实施例中被建议,所以该类修改、改进、修正仍属于本说明书示范实施例的精神和范围。The basic concepts have been described above. Obviously, for those skilled in the art, the above detailed disclosure is only for example and does not constitute a limitation on the embodiments of this specification. Although not explicitly stated here, those skilled in the art may make various modifications, improvements and corrections to the embodiments of this specification. Such modifications, improvements and corrections are suggested in the embodiments of this specification, so such modifications, improvements and corrections still belong to the spirit and scope of the exemplary embodiments of this specification.
同时,本说明书使用了特定词语来描述本说明书的实施例。如“一个实施例”、“一实施例”、和/或“一些实施例”意指与本说明书至少一个实施例相关的某一特征、结构或特点。因此,应强调并注意的是,本说明书中在不同位置两次或多次提及的“一实施例”或“一个实施例”或“一个替代性实施例”并不一定是指同一实施例。此外,本说明书的一个或多个实施例中的某些特征、结构或特点可以进行适当的组合。At the same time, this specification uses specific words to describe the embodiments of this specification. For example, "one embodiment", "an embodiment", and/or "some embodiments" refer to a certain feature, structure or characteristic related to at least one embodiment of this specification. Therefore, it should be emphasized and noted that "one embodiment" or "an embodiment" or "an alternative embodiment" mentioned twice or more in different positions in this specification does not necessarily refer to the same embodiment. In addition, certain features, structures or characteristics in one or more embodiments of this specification can be appropriately combined.
此外,本领域技术人员可以理解,本说明书实施例的各方面可以通过若干具有可专利性的种类或情况进行说明和描述,包括任何新的和有用的工序、机器、产品或物质的组合,或对他们的任何新的和有用的改进。相应地,本说明书实施例的各个方面可以完全由硬件执行、可以完全由软件(包括固件、常驻软件、微码等)执行、也可以由硬件和软件组合执行。以上硬件或软件均可被称为“数据块”、“模块”、“引擎”、“单元”、“组件”或“系统”。此外,本说明书实施例的各方面可能表现为位于一个或多个计算机可读介质中的计算机产品,该产品包括计算机可读程序编码。In addition, it will be appreciated by those skilled in the art that the various aspects of the embodiments of this specification may be illustrated and described by a number of patentable categories or situations, including any new and useful process, machine, product or combination of substances, or any new and useful improvements thereto. Accordingly, the various aspects of the embodiments of this specification may be performed entirely by hardware, entirely by software (including firmware, resident software, microcode, etc.), or by a combination of hardware and software. The above hardware or software may all be referred to as "data blocks", "modules", "engines", "units", "components" or "systems". In addition, the various aspects of the embodiments of this specification may be represented as a computer product located in one or more computer-readable media, the product including computer-readable program code.
计算机存储介质可能包含一个内含有计算机程序编码的传播数据信号,例如在基带上或作为载波的一部分。该传播信号可能有多种表现形式,包括电磁形式、光形式等,或合适的组合形式。计算机存储介质可以是除计算机可读存储介质之外的任何计算机可读介质,该介质可以通过连接至一个指令执行系统、装置或设备以实现通讯、传播或传输供使用的程序。位于计算机存储介质上的程序编码可以通过任何合适的介质进行传播,包括无线电、电缆、光纤电缆、RF、或类似介质,或任何上述介质的组合。A computer storage medium may include a propagated data signal containing computer program code, for example, in baseband or as part of a carrier wave. The propagated signal may be in a variety of forms, including electromagnetic, optical, etc., or a suitable combination. A computer storage medium may be any computer-readable medium other than a computer-readable storage medium, which can be connected to an instruction execution system, device or apparatus to communicate, propagate or transmit the program for use. The program code on the computer storage medium may be transmitted via any suitable medium, including radio, cable, fiber optic cable, RF, or similar media, or any combination of the above media.
本说明书实施例各部分操作所需的计算机程序编码可以用任意一种或多种程序语言编写,包括面向对象编程语言如Java、Scala、Smalltalk、Eiffel、JADE、Emerald、C++、C#、VB.NET、Python等,常规程序化编程语言如C语言、VisualBasic、Fortran2003、Perl、COBOL2002、PHP、ABAP,动态编程语言如Python、Ruby和Groovy,或其他编程语言等。该程序编码可以完全在用户计算机上运行、或作为独立的软件包在用户计算机上运行、或部分在用户计算机上运行部分在远程计算机运行、或完全在远程计算机或处理设备上运行。在后种情况下,远程计算机可以通过任何网络形式与用户计算机连接,比如局域网(LAN)或广域网(WAN),或连接至外部计算机(例如通过因特网),或在云计算环境中,或作为服务使用如软件即服务(SaaS)。The computer program coding required for the operation of each part of the embodiment of this specification can be written in any one or more programming languages, including object-oriented programming languages such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C++, C#, VB.NET, Python, etc., conventional procedural programming languages such as C language, VisualBasic, Fortran2003, Perl, COBOL2002, PHP, ABAP, dynamic programming languages such as Python, Ruby and Groovy, or other programming languages, etc. The program coding can be run completely on the user's computer, or run on the user's computer as an independent software package, or partly run on the user's computer and partly run on the remote computer, or run completely on the remote computer or processing equipment. In the latter case, the remote computer can be connected to the user's computer by any network form, such as a local area network (LAN) or a wide area network (WAN), or connected to an external computer (e.g., by the Internet), or in a cloud computing environment, or used as a service such as software as a service (SaaS).
此外,除非权利要求中明确说明,本说明书实施例所述处理元素和序列的顺序、数字字母的使用、或其他名称的使用,并非用于限定本说明书实施例流程和方法的顺序。尽管上述披露中通过各种示例讨论了一些目前认为有用的发明实施例,但应当理解的是,该类细节仅起到说明的目的,附加的权利要求并不仅限于披露的实施例,相反,权利要求旨在覆盖所有符合本说明书实施例实质和范围的修正和等价组合。例如,虽然以上所描述的系统组件可以通过硬件设备实现,但是也可以只通过软件的解决方案得以实现,如在现有的处理设备或移动设备上安装所描述的系统。In addition, unless explicitly stated in the claims, the order of the processing elements and sequences described in the embodiments of this specification, the use of alphanumeric characters, or the use of other names are not intended to limit the order of the processes and methods of the embodiments of this specification. Although the above disclosure discusses some invention embodiments that are currently considered useful through various examples, it should be understood that such details are only for illustrative purposes, and the attached claims are not limited to the disclosed embodiments. On the contrary, the claims are intended to cover all modifications and equivalent combinations that are consistent with the essence and scope of the embodiments of this specification. For example, although the system components described above can be implemented by hardware devices, they can also be implemented only by software solutions, such as installing the described system on an existing processing device or mobile device.
同理,应当注意的是,为了简化本说明书实施例披露的表述,从而帮助对一个或多个发明实施例的理解,前文对本说明书实施例的描述中,有时会将多种特征归并至一个实施例、附图或对其的描述中。但是,这种披露方法并不意味着本说明书实施例对象所需要的特征比权利要求中提及的特征多。实际上,实施例的特征要少于上述披露的单个实施例的全部特征。Similarly, it should be noted that in order to simplify the description of the embodiments disclosed in this specification, thereby helping to understand one or more embodiments of the invention, in the above description of the embodiments of this specification, multiple features are sometimes combined into one embodiment, figure or description thereof. However, this disclosure method does not mean that the features required by the objects of the embodiments of this specification are more than the features mentioned in the claims. In fact, the features of the embodiments are less than all the features of the single embodiment disclosed above.
针对本说明书引用的每个专利、专利申请、专利申请公开物和其他材料,如文章、书籍、说明书、出版物、文档等,特此将其全部内容并入本说明书作为参考。与本说明书内容不一致或产生冲突的申请历史文件除外,对本说明书权利要求最广范围有限制的文件(当前或之后附加于本说明书中的)也除外。需要说明的是,如果本说明书附属材料中的描述、定义、和/或术语的使用与本说明书所述内容有不一致或冲突的地方,以本说明书的描述、定义和/或术语的使用为准。Each patent, patent application, patent application publication, and other materials, such as articles, books, specifications, publications, documents, etc., cited in this specification are hereby incorporated by reference in their entirety. Except for application history documents that are inconsistent with or conflicting with the contents of this specification, documents that limit the broadest scope of the claims of this specification (currently or later attached to this specification) are also excluded. It should be noted that if the descriptions, definitions, and/or use of terms in the materials attached to this specification are inconsistent or conflicting with the contents described in this specification, the descriptions, definitions, and/or use of terms in this specification shall prevail.
最后,应当理解的是,本说明书中所述实施例仅用以说明本说明书实施例的原则。其他的变形也可能属于本说明书实施例的范围。因此,作为示例而非限制,本说明书实施例的替代配置可视为与本说明书的教导一致。相应地,本说明书的实施例不仅限于本说明书明确介绍和描述的实施例。Finally, it should be understood that the embodiments described in this specification are only used to illustrate the principles of the embodiments of this specification. Other variations may also fall within the scope of the embodiments of this specification. Therefore, as an example and not a limitation, alternative configurations of the embodiments of this specification may be considered consistent with the teachings of this specification. Accordingly, the embodiments of this specification are not limited to the embodiments explicitly introduced and described in this specification.
Claims (19)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110915009.5A CN113626841B (en) | 2021-08-10 | 2021-08-10 | Multi-party security calculation-based selection problem processing method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110915009.5A CN113626841B (en) | 2021-08-10 | 2021-08-10 | Multi-party security calculation-based selection problem processing method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113626841A CN113626841A (en) | 2021-11-09 |
| CN113626841B true CN113626841B (en) | 2024-10-29 |
Family
ID=78384128
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110915009.5A Active CN113626841B (en) | 2021-08-10 | 2021-08-10 | Multi-party security calculation-based selection problem processing method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113626841B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113987559B (en) * | 2021-12-24 | 2022-04-08 | 支付宝(杭州)信息技术有限公司 | Method and device for jointly processing data by two parties for protecting data privacy |
| CN115526309A (en) * | 2022-09-19 | 2022-12-27 | 蚂蚁区块链科技(上海)有限公司 | Method and device for jointly updating model based on multi-party security computing |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101622627A (en) * | 2007-02-23 | 2010-01-06 | 克劳克维尔公司 | Protection is the program of media and the interlocking system and the method for device condition with software |
| CN112989368A (en) * | 2021-02-07 | 2021-06-18 | 支付宝(杭州)信息技术有限公司 | Method and device for processing private data by combining multiple parties |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2008101340A1 (en) * | 2007-02-23 | 2008-08-28 | Cloakware Corporation | System and method for interlocking to protect software-mediated program and device behaviours |
| US10075288B1 (en) * | 2014-02-28 | 2018-09-11 | The Governing Council Of The University Of Toronto | Systems, devices, and processes for homomorphic encryption |
| US20210167946A1 (en) * | 2018-04-17 | 2021-06-03 | B. G. Negev Technologies & Applications Ltd., At Ben-Gurion | One-Round Secure Multiparty Computation of Arithmetic Streams and Evaluation of Functions |
| CN113094763B (en) * | 2021-04-12 | 2022-03-29 | 支付宝(杭州)信息技术有限公司 | Selection problem processing method and system for protecting data privacy |
-
2021
- 2021-08-10 CN CN202110915009.5A patent/CN113626841B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101622627A (en) * | 2007-02-23 | 2010-01-06 | 克劳克维尔公司 | Protection is the program of media and the interlocking system and the method for device condition with software |
| CN112989368A (en) * | 2021-02-07 | 2021-06-18 | 支付宝(杭州)信息技术有限公司 | Method and device for processing private data by combining multiple parties |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113626841A (en) | 2021-11-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11283608B2 (en) | Executing a cryptographic operation | |
| US10917235B2 (en) | High-precision privacy-preserving real-valued function evaluation | |
| CN110363030B (en) | Method and processing apparatus for performing lattice-based cryptographic operations | |
| Atallah et al. | Securely outsourcing linear algebra computations | |
| Roy et al. | Compact and side channel secure discrete Gaussian sampling | |
| CN107004084B (en) | Multiplicative mask for cryptographic operations | |
| US12335365B2 (en) | Protection of transformations by intermediate randomization in cryptographic operations | |
| WO2022260672A1 (en) | A low footprint resource sharing hardware architecture for crystals-dilithium and crystals-kyber | |
| CN113761469B (en) | Highest bit carry calculation method for protecting data privacy | |
| CN113626841B (en) | Multi-party security calculation-based selection problem processing method | |
| US11983285B1 (en) | Secure multi-party computation and communication | |
| Usama et al. | Chaos-based simultaneous compression and encryption for Hadoop | |
| Duluta et al. | Secure communication method based on encryption and steganography | |
| CN115529120A (en) | A secure computing system | |
| CN112272082B (en) | Image encryption/decryption method and device, electronic equipment and storage medium | |
| Rentería-Mejía et al. | Lattice-based cryptoprocessor for CCA-secure identity-based encryption | |
| CN115603910B (en) | A method and system for calculating bitwise multiplication of multi-party security vectors | |
| CN112989421A (en) | Method and system for processing safety selection problem | |
| CN119577800B (en) | A data sorting method based on homomorphic encryption | |
| CN117312743B (en) | Rapid matrix multiplication method in Paillier ciphertext space | |
| US20250038977A1 (en) | Masking with efficient unmasking via domain embedding in cryptographic devices and applications | |
| Krishnegowda et al. | Efficient matrix key homomorphic encryption of medical images | |
| US20240411514A1 (en) | Methods and systems for addition, multiplication, subtraction, and division of rational numbers encoded in the domain of farey rationals for mpc systems | |
| CN114710260B (en) | Image encryption method and related equipment | |
| US20250307349A1 (en) | Methods and systems for rounding of multiplication and division of fixed-point numbers encoded in the domain of farey rationals for mpc systems |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20240926 Address after: Room 302, 3rd Floor, Building 1, Yard 1, Danling Street, Haidian District, Beijing, 100080 Applicant after: Sasi Digital Technology (Beijing) Co.,Ltd. Country or region after: China Address before: 310000 801-11 section B, 8th floor, 556 Xixi Road, Xihu District, Hangzhou City, Zhejiang Province Applicant before: Alipay (Hangzhou) Information Technology Co.,Ltd. Country or region before: China |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |