[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN113518092B - Set intersection method for realizing multi-party privacy - Google Patents

Set intersection method for realizing multi-party privacy Download PDF

Info

Publication number
CN113518092B
CN113518092B CN202110833610.XA CN202110833610A CN113518092B CN 113518092 B CN113518092 B CN 113518092B CN 202110833610 A CN202110833610 A CN 202110833610A CN 113518092 B CN113518092 B CN 113518092B
Authority
CN
China
Prior art keywords
participants
ciphertext
bloom filter
plaintext
size
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110833610.XA
Other languages
Chinese (zh)
Other versions
CN113518092A (en
Inventor
张紫倩
王保仓
段普
张本宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN202110833610.XA priority Critical patent/CN113518092B/en
Publication of CN113518092A publication Critical patent/CN113518092A/en
Application granted granted Critical
Publication of CN113518092B publication Critical patent/CN113518092B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a multi-party privacy set intersection method, which mainly solves the problem that the prior art only supports the hidden set size intersection under the environment of two parties, but the set intersection communication volume is large under the environment of a plurality of parties. The scheme is as follows: the parameter generating mechanism generates required parameters; other participants use the bloom filter to represent respective input sets and use the joint public key to encrypt the input sets and send the input sets to the appointed participants; the appointed party extracts the ciphertext by using the hash value of the set element, combines a plurality of ciphertexts into a polymerization ciphertext by using a radix number marking mode, and sends the polymerization ciphertext to other parties; and the appointed party and other parties jointly decrypt to obtain a joint plaintext, and a single plaintext is recovered from the joint plaintext to obtain an intersection. The method can support the privacy set intersection calculation of the hidden set size under the environment of a plurality of participants, reduces the communication traffic, and can be used for privacy protection of the input set elements and the hidden set sizes of the participants in the set intersection.

Description

Set intersection method for realizing multi-party privacy
Technical Field
The invention belongs to the technical field of security, and further relates to a multi-party privacy set intersection method which can be used for carrying out privacy protection on input set elements and sizes of participants in set intersection.
Background
The privacy preserving set intersection technology is a sub-problem with wide application scenarios in the field of multi-party security computing. Under the background of the era of big data and artificial intelligence, data is generated and utilized at all times in various application programs, and further more convenient service is brought to users. Meanwhile, a large amount of valuable private data is continuously mined, so that people continuously improve the awareness of protecting the data containing the sensitive information of the people, and further cause a trust gap, thereby causing a data island phenomenon and losing the value of the data. The problem of how to reasonably exert the data value on the premise of effectively protecting the data privacy of the user becomes the most important reason for the rise of the privacy protection set intersection technology.
At present, the privacy protection set intersection technology mainly performs set intersection in the environment of two parties, and in most cases, the sizes of input sets of the parties are public. When the size of the private input set implies sensitive information for the participant, the participant may require that it be kept secret. For example, when the homeland security agency DHS needs to know whether a flight passenger list of an airline intersects with the terrorist observation list TWL, the set size of the TWL is confidential information for the DHS and cannot be disclosed to any airline at all. If the supplementary 'dummy' mode is simply utilized, additional overhead problems are caused when data is processed. Meanwhile, in real life, the participants are not limited to two parties, sometimes a plurality of participants are involved, and if the privacy set intersection technology of the two parties is simply applied for multiple times, the problem of privacy data disclosure is brought.
Giuseppe Atenise et al, in its published paper (If) Size matrices, Size-mapping private set interaction, put forward the need for privacy protection set intersections to achieve stronger privacy attributes, hide the Size of the set owned by one of the two parties, i.e., the "client", and design a construction scheme that is secure under the RSA assumption of a random predictive model, using tools similar to RSA accumulators and unpredictable functions. However, the scheme uses an unpredictable function, the function is only limited to the representation of a single element in the set of the participants, and when the number of the participants is multiple, the function of simultaneous transaction is difficult to achieve, so that the feasibility of safely completing the transaction function if the function is expanded to the environment of multiple participants is not great; meanwhile, because the method uses a tool similar to an RSA accumulator, the calculation amount is too large in practical application, and the method is not suitable for practical application scenes.
Sumit Kumar denath et al proposed a bloom filter-based multiparty privacy set intersection negotiation protocol in its published paper Secure and effective privacy set intersection negotiation protocol, which mainly represents the input set elements of participants through a bloom filter structure, and compared with most privacy set negotiation protocols, it can save a lot of storage space, but after obtaining the intersection ciphertext, the specified participant needs to send the large and small number of ciphertexts of its set to all other participants for decryption, so after all other participants receive the ciphertexts, the set size of the specified participant can be inferred according to the number of ciphertexts, and the input set size of the participant cannot be hidden, and the communication traffic is relatively large.
Disclosure of Invention
The present invention aims to provide a set intersection method for realizing multi-party privacy, so as to protect privacy attributes of multiple participants in original input data set elements and the sizes of the set elements, that is, any participant cannot exactly obtain the set data and the number of the elements in the private input sets of other participants, and reduce communication overhead.
In order to achieve the purpose, the technical scheme of the invention is as follows:
(1) a parameter generation means PG for generating parameters (G, q, G) of the encryption algorithm EL, wherein G represents a cyclic group, q represents an order of the cyclic group G, and G represents a generator of the cyclic group G, and sharing the parameters to all participants;
(2) all parties generate respective public and private key pairs (pk) according to the parameters i ,sk i ) And discloses a public key pk i Private key sk i Then, calculating a joint public key pk according to the public keys, wherein i is 1, …, n, n represents the number of participants;
(3) the parameter generation mechanism PG generates a public and private key pair (pk) according to the parameters (G, q, G) T ,sk T ) And using the public key required for encrypting the set size
Figure BDA0003175718090000021
Interacting with all participants to obtain the size m of the bloom filter, and finally generating k hash functions h of the bloom filter l And the parameter m and the hash function h are combined l Sending the hash function h to other participants l Is sent to a designated participant, wherein pk 1 Representing specified parametersThe public key of the party, l ═ 1, …, k, denotes the number of hash functions;
(4) specifying participants to generate t cardinalities w t Wherein t is 1, …, v 1 ,v 1 Represents the size of its input set;
(5) the other participants respectively represent the input sets by the bloom filter structure to obtain the respective bloom filters
Figure BDA0003175718090000022
Reuse joint public key pk to bloom filter structure
Figure BDA0003175718090000023
Encrypting to obtain respective encrypted bloom filters
Figure BDA0003175718090000024
And sends it to the designated party;
(6) hash function h of designated participants using bloom filters l Calculate the element x in its input set t From the received encrypted bloom filter
Figure BDA0003175718090000025
K (n-1) ciphertexts are extracted from the data
Figure BDA0003175718090000026
Obtaining an aggregation ciphertext by using homomorphism property of an encryption algorithm TEL for the ciphertexts, and sending the aggregation ciphertext to other participants;
(7) and the appointed party and other parties are combined for decryption to obtain a polymerization plaintext, and the polymerization plaintext is recovered to be a single plaintext to complete set intersection.
Compared with the prior art, the invention has the following advantages:
firstly, because a plurality of ciphertexts are combined into one aggregation cipher text by using a radix number marking mode, the data volume sent to other parties by a specified party is greatly reduced, and the aim of reducing communication traffic is fulfilled;
secondly, in the process of generating the size of the bloom filter, the input set sizes of other participants are encrypted by using a joint common key formed by the appointed participant and the parameter generating mechanism, and the input set sizes of other participants cannot be obtained by the appointed participant and the input set sizes corresponding to other participants cannot be definitely obtained by using the re-randomization mode, so that the problem that the input set sizes cannot be hidden in the prior art is solved, and the input set sizes of other participants are hidden;
thirdly, the invention has the advantages that the information sent by the appointed party to other parties only has one aggregation ciphertext, so that other parties can not obtain the input set size of the appointed party from the number of the aggregation ciphertexts, the effect of hiding the input set size of the appointed party is further improved, and the set intersection of multi-party privacy is realized.
Drawings
Fig. 1 is a general flow chart of an implementation of the present invention.
Fig. 2 is a sub-flow diagram of the present invention for a given participant to recover a single plaintext from an aggregated ciphertext.
Detailed Description
Embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
This example includes three bodies, a parameter generation mechanism PG, a designated party and other parties, where:
a parameter generation mechanism PG, which is responsible for generating the parameters required for realizing intersection;
the method comprises the steps that a participant is appointed and used for inputting an original data set of the participant and obtaining a final intersection of all input sets;
other participants, which are used to input respective raw data sets.
Referring to fig. 1, the implementation steps of this example are as follows:
step 1, system initialization.
1.1) the parameter generation means PG generates and discloses parameters (G, q, G) by using an ElGamal encryption algorithm EL, wherein G represents a cyclic group, q represents the order of the cyclic group G, and G represents a generator of the cyclic group G;
1.2) all parties generate respective public and private key pairs (pk) according to the parameters i ,sk i ) And discloses a public key pk i Private key sk i Then, the joint public key is calculated according to the public respective public keys
Figure BDA0003175718090000031
Wherein, i is 1, …, n, n represents the number of participants;
1.3) the parameter generation mechanism PG generates a public and private key pair (pk) thereof according to the parameters (G, q, G) T ,sk T ) Public key pk T Private secret key sk T And sends its public key pk T With the public key pk of the designated party 1 Multiplying to obtain the public key needed by the size of the encrypted set
Figure BDA0003175718090000041
1.4) other parties all utilize the public key
Figure BDA0003175718090000042
For respective input set size v i Encrypting to obtain ciphertext
Figure BDA0003175718090000043
And sending it to the designated participant, where i ═ 2, …, n, denotes the number of participants;
1.5) specifying that the participant received the ciphertext
Figure BDA0003175718090000044
Then, the cipher text is encrypted by using the private key of the user
Figure BDA0003175718090000045
Partially decrypted into
Figure BDA0003175718090000046
Then from group Z q In which a random number is selected
Figure BDA0003175718090000047
Using the random number
Figure BDA0003175718090000048
The ciphertext is encrypted
Figure BDA0003175718090000049
Re-randomizing to obtain re-randomized cipher text
Figure BDA00031757180900000410
And encrypt the ciphertext
Figure BDA00031757180900000411
Disorder, and sending to a parameter generation mechanism PG, wherein the group Z q Is a group of integers of order q;
1.6) the parameter generation mechanism PG obtains the scrambled ciphertext
Figure BDA00031757180900000412
Then, the clear text v is obtained by utilizing the private key of the user to decrypt i By comparison of v i To obtain a maximum value v max And then calculating the size m of the bloom filter:
v max =max(v i ),
Figure BDA00031757180900000413
where i ═ 2, …, n, n denotes the number of participants, k denotes the number of hash functions, and the notation
Figure BDA00031757180900000416
Means to round up the values inside the symbol;
1.7) parameter Generation mechanism PG chooses k Hash functions h of bloom Filter l And the size m of the bloom filter and the hash function h l Sending the hash function h to other participants l Sending to the designated participant, l ═ 1, …, k, k denotes the number of hash functions;
1.8) specifying the participants to generate t cardinalities w t :
w t =(k(n-1)+1) t-1 ,
Wherein t is 1, …, v 1 ,v 1 Representing the size of the input set of the specified participant, k representing the number of bloom filter hash functions, and n representing the number of participants.
Step 2, other participants all represent their respective input sets by adopting the bloom filter structure to obtain their respective bloom filters
Figure BDA00031757180900000414
And encrypting the data to obtain respective encrypted bloom filters
Figure BDA00031757180900000415
2.1) other participants all use k hash functions of the bloom filter to pair the elements x in their respective input sets ζ And calculating the index value:
h 1 (x ζ ),...,h l (x ζ ),...,h k (x ζ ),
wherein h is l (x ζ ) Representing element x ζ By a hash function h l Calculated index value ζ 1, …, v i ,v i A set of representations X i L 1, …, k, k denotes the number of hash functions, i 2, …, n, n denotes the number of participants;
2.2) all other participants generate an empty bloom Filter BF i BF of bloom filter i The value of each position in (a) is initialized to 1;
2.3) other participators are in BF of the empty bloom filter according to the index values obtained in the step 2.1) i Finding the corresponding position and changing the value to 0, thereby obtaining the respective bloom filters of other participants
Figure BDA0003175718090000051
Figure BDA0003175718090000052
Wherein the bloom filter
Figure BDA0003175718090000053
The value of the jth position is expressed as:
Figure BDA0003175718090000054
m represents the size of the bloom filter.
2.4) other participants use TEL encryption algorithm to filter bloom
Figure BDA0003175718090000055
Encrypting to obtain respective encrypted bloom filters
Figure BDA0003175718090000056
Figure BDA0003175718090000057
Wherein,
Figure BDA0003175718090000058
bloom filter representing encryption
Figure BDA0003175718090000059
The jth location of (1).
Step 3, appointing the hash function h of the participant by utilizing the bloom filter l Calculating the element x in its input set t From the received encrypted bloom filter
Figure BDA00031757180900000510
K (n-1) ciphertexts are extracted from the data
Figure BDA00031757180900000511
3.1) Ha of a designated participant Using bloom FilterH function of Hig l Calculating the element x in its input set t Index value of (d):
h 1 (x t ),...,h l (x t ),...,h k (x t ),
wherein h is l (x t ) Represents the element x t By a hash function h l The calculated index value t 1, …, v 1 ,v 1 A set of representations X 1 1, …, k, k representing the number of hash functions;
3.2) specifying the Party to use the encrypted bloom Filter
Figure BDA00031757180900000512
Extracting index value h l (x t ) The corresponding ciphertext, is represented as follows:
Figure BDA00031757180900000513
wherein,
Figure BDA00031757180900000514
represent
Figure BDA00031757180900000515
The middle index value is h l (x t ) I 2, …, n, n indicates the number of participants.
Step 4, appointing the participant pair k (n-1) ciphertexts
Figure BDA0003175718090000061
And obtaining an aggregation ciphertext by using the homomorphism property of the encryption algorithm TEL, and sending the aggregation ciphertext to other participants.
4.1) appointing the participator to utilize the addition homomorphism of the encryption algorithm TEL to encrypt k (n-1) ciphertexts
Figure BDA0003175718090000062
Multiplying to obtain the element x t Corresponding ciphertext C t Expressed as follows:
C t =(α tt ),
wherein alpha is t Is C t The first portion of ciphertext, represented as:
Figure BDA0003175718090000063
β t is C t The second portion of the ciphertext, represented as:
Figure BDA0003175718090000064
r ij is group Z q Wherein, i is 2, …, n represents the number of participants, j is 1, …, m, m represents the size of the bloom filter;
Figure BDA0003175718090000065
filter for expression bloom
Figure BDA0003175718090000066
The value of the jth position is,
Figure BDA0003175718090000067
4.2) specifying participant utilization floor w t And number-by-number homomorphism of the encryption algorithm TEL, for element x t Corresponding ciphertext C t Exponentiation is performed to obtain a marked ciphertext
Figure BDA0003175718090000068
Is represented as follows:
Figure BDA0003175718090000069
wherein,
Figure BDA00031757180900000610
for marking ciphertext
Figure BDA00031757180900000611
The first portion of ciphertext, represented as:
Figure BDA00031757180900000612
Figure BDA00031757180900000613
for marking cryptograph
Figure BDA00031757180900000614
The second portion of ciphertext, expressed as:
Figure BDA00031757180900000615
k represents the number of bloom filter hash functions;
n represents the number of participants;
4.3) assigning participants the addition homomorphism of v using the encryption algorithm TEL 1 Individual mark cipher text
Figure BDA00031757180900000616
Multiplying to obtain an aggregate ciphertext C, represented as follows:
C=(α,β),
where α is the first partial ciphertext of the aggregate ciphertext C, expressed as:
Figure BDA00031757180900000617
β is the second partial ciphertext of the aggregate ciphertext C, represented as:
Figure BDA00031757180900000618
and 5, the appointed party and other parties are combined for decryption to obtain a polymerization plaintext, and the polymerization plaintext is recovered to be a single plaintext to complete set intersection.
5.1) other parties all utilize their own private keys sk i And exponentiating the first part of ciphertext alpha of the aggregation ciphertext C to obtain a part of value required for decryption:
Figure BDA0003175718090000071
and sends it to the designated participant, where i ═ 2, …, n, n denotes the number of participants;
5.2) appointing the participant to get T i Then, use its private key sk 1 Exponentiating a first part of ciphertext alpha of the aggregated ciphertext C to obtain another part of value required for decryption:
Figure BDA0003175718090000072
then will T 1 And T i Multiplying to obtain all values rho required for decryption:
Figure BDA0003175718090000073
5.3) the appointed party decrypts the aggregation ciphertext C by using all the values rho required by decryption to obtain an aggregation plaintext mu:
Figure BDA0003175718090000074
wherein, w t Representing the cardinality, b t Representing a single plaintext, b t ∈[0,…,k(n-1)];
5.4) appointing the participant to obtain the plaintext b by using a plaintext recovery algorithm t Wherein t is 1, …, v 1 ,v 1 A set of representations X 1 The size of (2):
referring to fig. 2, the specific implementation of this step is as follows:
5.4.1) let variable t ═ v 1
5.4.2) calculating the plaintext corresponding to the variable t: b t =(μ-μmodw t )/w t
5.4.3) calculating the polymerization plaintext corresponding to the residual variable t: mu ═ mu- (w) t ·b t );
5.4.2) determine whether the variable t ═ 1 holds:
if yes, ending the process and outputting b t
Otherwise, let t equal t-1, return 5.4.2).
5.5) appointing the participant to reinitialize an empty set W 0 And judging a single plaintext b t Whether or not it is 0:
if so, the element x is added t Put into the set W 0 And (5) outputting a final set W, namely the intersection of the input sets of all the participants.
Otherwise, for the set W 0 No operation is performed.
The foregoing description is only an example of the present invention and is not intended to limit the invention, so that it will be apparent to those skilled in the art that various changes and modifications in form and detail may be made therein without departing from the spirit and scope of the invention.

Claims (10)

1. A set intersection method for realizing multi-party privacy is characterized by comprising the following steps:
(1) the parameter generating mechanism PG generates parameters (G, q, G) of an encryption algorithm ElGamal, and shares the parameters to all participants, wherein G represents a cyclic group, q represents the order of the cyclic group G, and G represents a generator of the cyclic group G;
(2) all parties generate respective public and private key pairs (pk) according to the parameters i ,sk i ) And discloses a public key pk i Private secret key sk i Then, a joint public key pk is calculated according to the public keys, wherein i is 1.
(3) The parameter generation mechanism PG generates a public and private key pair (pk) thereof according to the parameters (G, q, G) T ,sk T ) And using the public key required for encrypting the set size
Figure FDA0003735424480000011
Interacting with all participants to obtain the size m of the bloom filter, and finally generating k hash functions h of the bloom filter l And the parameter m and the hash function h are combined l To all the participantsAnd then the hash function h is used l Is sent to a designated participant, wherein pk 1 A public key representing a given participant, l 1.., k, k representing the number of hash functions;
(4) specifying participants to generate t cardinalities w t Wherein t is 1 1 ,v 1 Represents the size of its input set;
(5) the other participants respectively represent the input sets by the bloom filter structure to obtain the respective bloom filters
Figure FDA0003735424480000012
Reuse joint public key pk to bloom filter structure
Figure FDA0003735424480000013
Encrypting to obtain respective encrypted bloom filters
Figure FDA0003735424480000014
And sends it to the designated party;
(6) hash function h of designated participants using bloom filters l Calculating the element x in its input set t From the received encrypted bloom filter
Figure FDA0003735424480000015
K (n-1) ciphertexts are extracted from the data
Figure FDA0003735424480000016
Obtaining a polymerization ciphertext by using homomorphism property of an encryption algorithm TEL for the ciphertexts, and sending the polymerization ciphertext to other participants;
(7) and the appointed party and other parties are combined for decryption to obtain a polymerization plaintext, and the polymerization plaintext is recovered to be a single plaintext to complete set intersection.
2. The method of claim 1, wherein all participants in (2) calculate a joint public key pk from the public individual public keys, as follows:
Figure FDA0003735424480000017
wherein, pk i A public key representing the ith participant, i 1, 2.
3. The method of claim 1, wherein (3) the parameter generation mechanism PG interacts with all participants to obtain the bloom filter size m as follows:
(3a) the other parties all using the public key
Figure FDA0003735424480000018
For respective input set size v i Encrypting to obtain ciphertext
Figure FDA0003735424480000019
And send it to the designated participants, where i ═ 2.., n, n represents the number of participants;
(3b) the designated party receives the ciphertext
Figure FDA0003735424480000021
Then, the cipher text is encrypted by using the private key of the user
Figure FDA0003735424480000022
Partially decrypted into
Figure FDA0003735424480000023
Then from group Z q In which a random number is selected
Figure FDA0003735424480000024
Using the random number
Figure FDA0003735424480000025
Cipher text
Figure FDA0003735424480000026
Re-randomizing to obtain re-randomized cipher text
Figure FDA0003735424480000027
And encrypt the ciphertext
Figure FDA0003735424480000028
Disorder, and sending to a parameter generation mechanism PG, wherein the group Z q Is a group of integers of order q;
(3c) the parameter generation mechanism PG obtains the scrambled ciphertext
Figure FDA0003735424480000029
Then, the clear text v is obtained by utilizing the private key of the user to decrypt i By comparison of v i To obtain a maximum value v max And then calculating the size m of the bloom filter:
v max =max(v i ),
Figure FDA00037354244800000210
where k represents the number of hash functions, the symbol
Figure FDA00037354244800000216
Meaning rounding up the values inside the symbol.
4. The method of claim 1, wherein t cardinalities w generated by a given participant in (4) t Expressed as follows:
w t =(k(n-1)+1) t-1
wherein, t is 1 1 ,v 1 Representing the size of the input set of the specified participant, k representing the number of bloom filter hash functions, and n representing the number of participants.
5. The method of claim 1, wherein the other participants in (5) represent respective sets of inputs by a bloom filter structure, resulting in respective bloom filters
Figure FDA00037354244800000211
The method is realized as follows:
(5a) the other participants all have to the element x in their respective input sets ζ And calculating by using k hash functions of the bloom filter to obtain an index value:
h 1 (x ζ ),…,h l (x ζ ),…,h k (x ζ ),
wherein h is l (x ζ ) Representing element x ζ By a hash function h l The calculated index value, ζ ═ 1 i ,v i A set of representations X i K, k denotes the number of hash functions, i 2, n, n denotes the number of participants;
(5b) bloom Filter BF with other participants all generating null i BF of bloom filter i The value of each position in (a) is initialized to 1;
(5c) other participants are in the empty bloom filter BF according to the index value obtained in the step (5a) i Finding the corresponding position and changing the value to 0, thereby obtaining the respective bloom filters of other participants
Figure FDA00037354244800000212
Figure FDA00037354244800000213
Wherein the bloom filter
Figure FDA00037354244800000214
The value of the jth position is expressed as:
Figure FDA00037354244800000215
j ═ 1., m, m denote the size of the bloom filter.
6. The method of claim 1, wherein (5) the other participants obtain respective encrypted bloom filters
Figure FDA0003735424480000031
Is represented as follows:
Figure FDA0003735424480000032
wherein,
Figure FDA0003735424480000033
bloom filters represented as ciphers
Figure FDA0003735424480000034
J-th position ciphertext of (1), m, m represents the size of the bloom filter, and i-2.
7. The method of claim 1, wherein the hash function h of (6) specifying that the participant utilizes a bloom filter l Calculating the element x in its input set t Index value of (d):
h 1 (x t ),…,h l (x t ),…,h k (x t ),
wherein h is l (x t ) Represents the element x t At the hash function h l Index value of 1, t 1 ,v 1 Set of representations X 1 Is 1, …, k, k denotes the number of hash functions.
8. The method of claim 1, wherein the method is performed in a batch processThe bloom Filter specifying Party to encrypt from
Figure FDA0003735424480000035
Extracting index value h l (x t ) The corresponding ciphertext, expressed as follows:
Figure FDA0003735424480000036
wherein,
Figure FDA0003735424480000037
to represent
Figure FDA0003735424480000038
The middle index value is h l (x t ) K, k denotes the number of hash functions, t 1 1 ,v 1 A set of representations X 1 N, n represents the number of participants.
9. The method of claim 1, wherein k (n-1) ciphertext pairs are specified in the (6)
Figure FDA0003735424480000039
Obtaining a polymerization ciphertext by using the homomorphism property of an encryption algorithm TEL, and realizing the following steps:
(6a) appointing the participants to use the addition homomorphism of the encryption algorithm TEL to encrypt k (n-1) ciphertexts
Figure FDA00037354244800000310
Multiplying to obtain the element x t Corresponding ciphertext C t Expressed as follows:
C t =(α t ,β t ),
wherein alpha is t Is C t The first portion of ciphertext, represented as:
Figure FDA00037354244800000311
β t is C t The second portion of ciphertext, expressed as:
Figure FDA00037354244800000312
r ij is a group Z q N, n represents the number of participants, j represents 1, the.
Figure FDA0003735424480000041
Indicating bloom filters
Figure FDA00037354244800000418
The value of the j-th position,
Figure FDA0003735424480000042
t=1,...,v 1 ,v 1 a set of representations X 1 The size of (d);
(6b) specifying participant utilization cardinality w t And number multiplication homomorphism of encryption algorithm TEL for element x t Corresponding ciphertext C t Exponentiation is performed to obtain a marked ciphertext
Figure FDA0003735424480000043
Is represented as follows:
Figure FDA0003735424480000044
wherein,
Figure FDA0003735424480000045
for marking cryptograph
Figure FDA0003735424480000046
The first portion of ciphertext, represented as:
Figure FDA0003735424480000047
Figure FDA0003735424480000048
for marking ciphertext
Figure FDA0003735424480000049
The second portion of the ciphertext, represented as:
Figure FDA00037354244800000410
k represents the number of bloom filter hash functions;
n represents the number of participants;
(6c) specifying participants to use the addition homomorphism of the encryption algorithm TEL to convert v 1 Individual mark cipher text
Figure FDA00037354244800000411
Multiplying to obtain a combined ciphertext C, as follows:
C=(α,β),
where α is the first partial ciphertext of the aggregate ciphertext C, expressed as:
Figure FDA00037354244800000412
β is the second partial ciphertext of the aggregate ciphertext C, represented as:
Figure FDA00037354244800000413
10. the method according to claim 1, characterized in that the implementation of (7) is as follows:
(7a) other parties all utilize their own private keys sk i Exponentiation is performed on the first part of ciphertext alpha of the aggregate ciphertext C to obtain a solutionPartial values required for encryption:
Figure FDA00037354244800000414
and send it to the designated participants, where i ═ 2.., n, n represents the number of participants;
(7b) designating a participant to get T i Then, use its private key sk 1 Exponentiating a first part of ciphertext alpha of the aggregated ciphertext C to obtain another part of value required for decryption:
Figure FDA00037354244800000415
then will T 1 And T i Multiplying to obtain all values rho required for decryption:
Figure FDA00037354244800000416
(7c) and the appointed party decrypts the aggregation ciphertext C by using all the values rho required by decryption to obtain an aggregation plaintext mu:
Figure FDA00037354244800000417
wherein, w t Representing the cardinality, b t Representing a single plaintext, b t ∈[0,...,k(n-1)];
(7d) The appointed participator obtains a single plaintext b by using a plaintext recovery algorithm t Reinitializing an empty set W 0 And judging a single plaintext b t Whether or not it is 0:
if so, the element x is added t Put into the set W 0 In the method, a final set W is output, namely the intersection of input sets of all the participants;
otherwise, for the set W 0 No operation is performed.
CN202110833610.XA 2021-07-22 2021-07-22 Set intersection method for realizing multi-party privacy Active CN113518092B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110833610.XA CN113518092B (en) 2021-07-22 2021-07-22 Set intersection method for realizing multi-party privacy

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110833610.XA CN113518092B (en) 2021-07-22 2021-07-22 Set intersection method for realizing multi-party privacy

Publications (2)

Publication Number Publication Date
CN113518092A CN113518092A (en) 2021-10-19
CN113518092B true CN113518092B (en) 2022-08-26

Family

ID=78067662

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110833610.XA Active CN113518092B (en) 2021-07-22 2021-07-22 Set intersection method for realizing multi-party privacy

Country Status (1)

Country Link
CN (1) CN113518092B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113901501B (en) * 2021-10-20 2022-11-08 苏州斐波那契信息技术有限公司 Private domain user image expansion method based on federal learning
CN114386068A (en) * 2022-01-06 2022-04-22 北京数牍科技有限公司 Multi-condition privacy protection set intersection method and system for preventing collusion attack
CN114520721B (en) * 2022-03-22 2024-03-29 杭州博盾习言科技有限公司 Multiparty secure computing privacy exchange method, device, equipment and storage medium
CN114553593B (en) * 2022-03-22 2024-05-28 杭州博盾习言科技有限公司 Multiparty secure computing privacy exchange method, device, equipment and storage medium
CN114884675B (en) * 2022-04-29 2023-12-05 杭州博盾习言科技有限公司 Multi-party privacy intersection method, device, equipment and medium based on bit transmission
CN115396144B (en) * 2022-07-20 2023-12-05 北京冲量在线科技有限公司 Multiparty privacy intersection scheme based on trusted execution environment and distributed data intersection algorithm
CN115396148B (en) * 2022-07-22 2024-04-12 西安邮电大学 Privacy-protected list query method, system, medium, equipment and terminal
CN115422581B (en) * 2022-08-30 2024-03-08 北京火山引擎科技有限公司 Data processing method and device
CN117454432B (en) * 2023-12-20 2024-04-09 暨南大学 Privacy protection association rule mining method in distributed environment

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111931207A (en) * 2020-08-07 2020-11-13 北京百度网讯科技有限公司 Method, device and equipment for obtaining privacy set intersection and storage medium

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8526603B2 (en) * 2011-07-08 2013-09-03 Sap Ag Public-key encrypted bloom filters with applications to private set intersection
CN109104413B (en) * 2018-07-17 2020-07-31 中国科学院计算技术研究所 Method for solving intersection of private data for secure multi-party computation and verification method
CN109495465B (en) * 2018-11-05 2020-12-25 河南师范大学 Privacy set intersection method based on intelligent contracts
CN109951443B (en) * 2019-01-28 2021-06-04 湖北工业大学 Set intersection calculation method and system for privacy protection in cloud environment
CN110719159B (en) * 2019-09-24 2023-06-30 河南师范大学 Multi-party privacy set intersection method for resisting malicious adversaries
CN111641603B (en) * 2020-05-15 2022-07-01 北京青牛技术股份有限公司 Privacy set intersection data interaction method and system based on homomorphic encryption
CN112966283B (en) * 2021-03-19 2023-04-18 西安电子科技大学 PPARM (vertical partition data parallel processor) method for solving intersection based on multi-party set

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111931207A (en) * 2020-08-07 2020-11-13 北京百度网讯科技有限公司 Method, device and equipment for obtaining privacy set intersection and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于全同态加密的安全多方计算探讨;李习习等;《电脑知识与技术》;20200725(第21期);全文 *

Also Published As

Publication number Publication date
CN113518092A (en) 2021-10-19

Similar Documents

Publication Publication Date Title
CN113518092B (en) Set intersection method for realizing multi-party privacy
CN110008717B (en) Decision tree classification service system and method supporting privacy protection
Almaiah et al. A new hybrid text encryption approach over mobile ad hoc network
CN106961336B (en) A kind of key components trustship method and system based on SM2 algorithm
Torkaman et al. Innovative approach to improve hybrid cryptography by using DNA steganography
CN108632030B (en) CP-ABE-based fine-grained access control method
Rahim et al. Study of three pass protocol on data security
CN108512662A (en) The hiding multimachine structure encryption method of support policy on a kind of lattice
CN104113408A (en) Method for realizing timely user attribute cancel based on ciphertext-policy attribute-based encryption
CN107196926A (en) A kind of cloud outsourcing privacy set comparative approach and device
CN112035695B (en) Spatial data encryption method suitable for mobile terminal
CN105763528B (en) The encryption device of diversity person's anonymity under a kind of mixed mechanism
Abusukhon et al. New direction of cryptography: A review on text-to-image encryption algorithms based on RGB color value
CN104320393A (en) Effective attribute base agent re-encryption method capable of controlling re-encryption
US20040037424A1 (en) Information distribution and processing
CN109962769A (en) Data safety De-weight method based on threshold blind signature
CN115994559A (en) Efficient method for converting unintentional neural network
CN107086912B (en) Ciphertext conversion method, decryption method and system in heterogeneous storage system
Sumathi et al. A group-key-based sensitive attribute protection in cloud storage using modified random Fibonacci cryptography
CN117118617A (en) Distributed threshold encryption and decryption method based on mode component homomorphism
Patel et al. Image encryption decryption using chaotic logistic mapping and dna encoding
CN109743162A (en) A kind of operated using ideal lattice carries out the matched encryption method of identity attribute
CN117114959B (en) Image encryption method based on key feedback mechanism of multi-parameter one-dimensional chaotic system
Yang et al. Implementing efficient attribute encryption in IoV under cloud environments
Zhou et al. A survey of security aggregation

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant