CN113569267B - Privacy safety data set intersection method, device, equipment and storage medium - Google Patents


Info

Publication number: CN113569267B
Application number: CN202111110460.6A
Authority: CN (China)
Prior art keywords: data, ciphertext, hash, intersection, terminal
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: Chinese (zh)
Other versions: CN113569267A
Inventor: 雍若兰
Current assignee: Shanghai Smk Network Technology Co ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Shanghai Smk Network Technology Co ltd
Events: application CN202111110460.6A filed by Shanghai Smk Network Technology Co ltd; publication of CN113569267A; application granted; publication of CN113569267B; legal status active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database, where protection concerns the structure of data, e.g. records, types, queries
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of this application provide a privacy-safe data set intersection method, device, equipment and storage medium. The method comprises the following steps: computing the intersection of a first hash data table and a second hash data table to obtain an intersection hash data table; determining third original data; encrypting the third original data with a private key to obtain first ciphertext data; sending the public key to the second terminal; receiving second ciphertext data; encrypting the second ciphertext data with the private key to obtain third ciphertext data; and sending the third ciphertext data and the first ciphertext data to the second terminal. The second terminal intersects the first ciphertext data and the third ciphertext data to obtain a ciphertext intersection result, and converts that result back into original data using a preset mapping table between ciphertext and original data, thereby obtaining the data intersection of the second original data and the first original data. The method and device address the low intersection efficiency of existing privacy-safe data set intersection methods.

Description

Privacy safety data set intersection method, device, equipment and storage medium
Technical Field
The application belongs to the technical field of privacy-preserving computation and in particular relates to a privacy-safe data set intersection method, device, equipment and storage medium.
Background
With the development of computer and internet technologies, user information is widely collected and used and privacy security is challenged; to address privacy disclosure, privacy-preserving computation technologies have recently received much attention. Private Set Intersection (PSI) is a preliminary step in all privacy-preserving computational modelling: a PSI protocol allows two parties, each holding a set, to jointly compute the intersection of the two sets. At the end of the protocol interaction, one or both parties obtain the correct intersection and learn nothing about the other party's set beyond the intersection.
In scenarios where the data volumes of the two intersecting parties differ greatly, for example where one party holds a hundred million records or more and the other holds far fewer, existing privacy-safe data set intersection methods intersect the two parties' data sets directly, and the large volume on one side makes the intersection inefficient.
Disclosure of Invention
The embodiments of this application provide a privacy-safe data set intersection method, device, equipment and storage medium that address the low intersection efficiency of existing privacy-safe data set intersection methods.
In a first aspect, an embodiment of the present application provides a privacy-safe data set intersection method, applied to a first terminal, comprising:
after receiving a data set intersection request sent by a second terminal, computing the intersection of a first hash data table and a second hash data table to obtain an intersection hash data table; the data set intersection request comprises the second hash data table, which is constructed by hash-mapping the second original data stored on the second terminal with a first preset hash function; the first hash data table is constructed by hash-mapping the first original data stored on the first terminal with the same first preset hash function;
determining third original data, where the third original data comprises the first original data that has a hash mapping relation with the intersection hash data table;
encrypting the third original data with the private key of a preset key pair to obtain first ciphertext data;
sending the public key of the preset key pair to the second terminal;
receiving second ciphertext data, obtained by the second terminal encrypting the second original data with the public key;
encrypting the second ciphertext data with the private key to obtain third ciphertext data;
sending the third ciphertext data and the first ciphertext data to the second terminal; the second terminal intersects the first ciphertext data and the third ciphertext data to obtain a ciphertext intersection result, and converts that result into original data using a preset mapping table between ciphertext and original data, obtaining the data intersection of the second original data and the first original data.
Further, in one embodiment, before sending the third ciphertext data to the second terminal, the method further comprises:
performing data storage format conversion on the third ciphertext data with a second preset hash function to obtain the format-converted third ciphertext data.
In a second aspect, an embodiment of the present application provides a privacy-safe data set intersection method, applied to a second terminal, comprising:
sending a data set intersection request to the first terminal, which the first terminal uses to compute the intersection of a first hash data table and a second hash data table to obtain an intersection hash data table; the data set intersection request comprises the second hash data table, which is constructed by hash-mapping the second original data stored on the second terminal with a first preset hash function; the first hash data table is constructed by hash-mapping the first original data stored on the first terminal with the same first preset hash function;
receiving the public key of a preset key pair sent by the first terminal;
encrypting the second original data with the public key to obtain second ciphertext data;
sending the second ciphertext data to the first terminal, which encrypts the second ciphertext data with the private key to obtain third ciphertext data;
receiving the third ciphertext data and the first ciphertext data; the first ciphertext data is obtained by the first terminal encrypting third original data with the private key, and the third original data comprises the first original data that has a hash mapping relation with the intersection hash data table;
intersecting the first ciphertext data and the third ciphertext data to obtain a ciphertext intersection result;
converting the ciphertext intersection result into original data using a preset mapping table between ciphertext and original data, obtaining the data intersection of the second original data and the first original data.
Further, in one embodiment, encrypting the second original data with the public key to obtain second ciphertext data comprises:
encrypting the second original data with the public key and a preset blind factor to obtain the second ciphertext data.
In a third aspect, an embodiment of the present application provides a privacy-safe data set intersection apparatus, applied to a first terminal, comprising:
an obtaining module for computing, after a data set intersection request sent by the second terminal is received, the intersection of a first hash data table and a second hash data table to obtain an intersection hash data table; the data set intersection request comprises the second hash data table, which is constructed by hash-mapping the second original data stored on the second terminal with a first preset hash function; the first hash data table is constructed by hash-mapping the first original data stored on the first terminal with the same first preset hash function;
a determining module for determining third original data, where the third original data comprises the first original data that has a hash mapping relation with the intersection hash data table;
an encryption module for encrypting the third original data with the private key of a preset key pair to obtain first ciphertext data;
a sending module for sending the public key of the preset key pair to the second terminal;
a receiving module for receiving second ciphertext data, obtained by the second terminal encrypting the second original data with the public key;
the encryption module further being for encrypting the second ciphertext data with the private key to obtain third ciphertext data;
the sending module further being for sending the third ciphertext data and the first ciphertext data to the second terminal; the second terminal intersects the first ciphertext data and the third ciphertext data to obtain a ciphertext intersection result, and converts that result into original data using a preset mapping table between ciphertext and original data, obtaining the data intersection of the second original data and the first original data.
Further, in one embodiment, the apparatus further comprises:
a conversion module for performing data storage format conversion on the third ciphertext data with a second preset hash function before the third ciphertext data is sent to the second terminal, to obtain the format-converted third ciphertext data.
In a fourth aspect, an embodiment of the present application provides a privacy-safe data set intersection apparatus, applied to a second terminal, comprising:
a sending module for sending a data set intersection request to the first terminal, which the first terminal uses to compute the intersection of a first hash data table and a second hash data table to obtain an intersection hash data table; the data set intersection request comprises the second hash data table, which is constructed by hash-mapping the second original data stored on the second terminal with a first preset hash function; the first hash data table is constructed by hash-mapping the first original data stored on the first terminal with the same first preset hash function;
a receiving module for receiving the public key of a preset key pair sent by the first terminal;
an encryption module for encrypting the second original data with the public key to obtain second ciphertext data;
the sending module further being for sending the second ciphertext data to the first terminal, which encrypts the second ciphertext data with the private key to obtain third ciphertext data;
the receiving module further being for receiving the third ciphertext data and the first ciphertext data; the first ciphertext data is obtained by the first terminal encrypting third original data with the private key, and the third original data comprises the first original data that has a hash mapping relation with the intersection hash data table;
an intersection module for intersecting the first ciphertext data and the third ciphertext data to obtain a ciphertext intersection result;
a conversion module for converting the ciphertext intersection result into original data using a preset mapping table between ciphertext and original data, obtaining the data intersection of the second original data and the first original data.
Further, in one embodiment, the encryption module is specifically configured to:
encrypt the second original data with the public key and a preset blind factor to obtain the second ciphertext data.
In a fifth aspect, an embodiment of the present application provides a privacy-safe data set intersection device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, which, when executed by the processor, implements the method described above.
In a sixth aspect, an embodiment of the present application provides a computer-readable storage medium storing an implementation program for information transfer which, when executed by a processor, implements the method described above.
According to the privacy-safe data set intersection method, device, equipment and storage medium, hash mapping relations are first built for the data stored on the first and second terminals using the same first preset hash function, applied to the first original data and the second original data respectively, to obtain a first hash data table and a second hash data table; the third original data, namely the first original data that has a hash mapping relation with the intersection of the second and first hash data tables, is screened out of the first original data, eliminating the first-party data that is irrelevant to the second original data. The intersection is then performed using only the screened first original data (the third original data) and the second original data. Because irrelevant data is filtered out in advance, the volume of data taking part in the intersection is greatly reduced and data set intersection efficiency improves.
Drawings
To illustrate the technical solutions of the embodiments more clearly, the drawings used in the embodiments are briefly described below; those skilled in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a privacy-safe data set intersection method provided in an embodiment of the present application;
fig. 2 is a schematic structural diagram of a privacy-safe data set intersection apparatus according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of a privacy-safe data set intersection apparatus according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a privacy-safe data set intersection device according to an embodiment of the present application.
Detailed Description
Features and exemplary embodiments of various aspects of the present application will be described in detail below, and in order to make objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail below with reference to the accompanying drawings and specific embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application. It will be apparent to one skilled in the art that the present application may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the present application by illustrating examples thereof.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
In general, private set intersection is designed to achieve sample alignment between a server and a client, or between a data provider and a data consumer; the alignment field is usually an identifier that uniquely identifies a device or user, such as a telephone number, a provincial license number, or a device's International Mobile Equipment Identity (IMEI). The two central concerns of PSI technology are security and efficiency. The security of PSI rests on a sound theoretical basis, but in general the more secure a PSI method is, the more complex encryption computation and the more communication it requires.
The existing mainstream PSI algorithm encrypts the IDs and then intersects them directly; it is efficient, but has an obvious defect in that it lacks security. In addition, in scenarios where the data volumes of the two intersecting parties differ greatly, for example where one party holds a hundred million records or more and the other holds far fewer, existing privacy-safe data set intersection methods intersect the two parties' data sets directly, and the large volume on one side makes the intersection inefficient.
To address this problem of the prior art, embodiments of the present application provide a method, apparatus, device and storage medium for privacy-safe data set intersection. The method first builds hash mapping relations for the data stored on the first and second terminals using the same first preset hash function, applied to the first original data and the second original data respectively, to obtain a first hash data table and a second hash data table; it screens the third original data, namely the first original data that has a hash mapping relation with the intersection of the second and first hash data tables, out of the first original data, eliminating the first-party data that is irrelevant to the second original data. It then performs the intersection using only the screened first original data (the third original data) and the second original data; because irrelevant data is filtered out in advance, the volume of data taking part in the intersection is greatly reduced and data set intersection efficiency improves. The privacy-safe data set intersection method provided in the embodiment is described first.
Fig. 1 is a flowchart of a privacy-safe data set intersection method according to an embodiment of the present application. The method is performed between a first terminal and a second terminal that are communicatively connected and can exchange information over that connection. As shown in fig. 1, the method may include the following steps:
S100, the second terminal sends a data set intersection request to the first terminal.
The data set intersection request comprises a second hash data table, constructed by hash-mapping the second original data stored on the second terminal with a first preset hash function. Because the hash function is irreversible, the hash data table does not reveal the second terminal's real data, which improves security.
S102, after receiving the data set intersection request sent by the second terminal, the first terminal computes the intersection of the first hash data table and the second hash data table to obtain an intersection hash data table.
The first hash data table is constructed by the first terminal hash-mapping the first original data it stores with the same first preset hash function.
S104, the first terminal determines third original data.
The third original data comprises the first original data that has a hash mapping relation with the intersection hash data table. Screening out of the first original data the records whose hash lies in the intersection of the second and first hash data tables eliminates the first-party data that is irrelevant to the second original data and reduces the amount of computation in the subsequent intersection.
S106, the first terminal encrypts the third original data with the private key of a preset key pair to obtain first ciphertext data.
The preset key pair may be generated with the RSA algorithm, which improves the security of the data exchange.
S108, the first terminal sends the public key of the preset key pair to the second terminal.
S110, the second terminal encrypts the second original data with the public key to obtain second ciphertext data.
Encrypting the second original data with the public key protects the subsequent data exchange.
S112, the second terminal sends the second ciphertext data to the first terminal.
S114, the first terminal encrypts the second ciphertext data with the private key to obtain third ciphertext data.
S116, the first terminal sends the third ciphertext data and the first ciphertext data to the second terminal.
S118, the second terminal intersects the first ciphertext data and the third ciphertext data to obtain a ciphertext intersection result.
S120, the second terminal converts the ciphertext intersection result into original data using a preset mapping table between ciphertext and original data, obtaining the data intersection of the second original data and the first original data.
The method first builds hash mapping relations for the data stored on the first and second terminals using the same first preset hash function, applied to the first original data and the second original data respectively, to obtain a first hash data table and a second hash data table; it screens the third original data, namely the first original data that has a hash mapping relation with the intersection of the second and first hash data tables, out of the first original data, eliminating the first-party data that is irrelevant to the second original data. It then performs the intersection using only the screened first original data (the third original data) and the second original data; because irrelevant data is filtered out in advance, the volume of data taking part in the intersection is greatly reduced and data set intersection efficiency improves. Moreover, since the computationally heavy public key encryption is concentrated on the second terminal, the computational demand on the first terminal is low.
In one embodiment, before S116 the method may further include:
the first terminal performs data storage format conversion on the third ciphertext data with a second preset hash function to obtain the format-converted third ciphertext data.
The second preset hash function performs the data storage format conversion and may be chosen as a cuckoo hash function; after conversion, the third ciphertext data occupies less storage space and requires less communication traffic when transmitted.
In one embodiment, S110 may include:
encrypting the second original data with the public key and a preset blind factor to obtain the second ciphertext data.
Before S118, the method may further include: removing the preset blind factor from the third ciphertext data. Introducing a preset blind factor when the second original data is encrypted with the public key encrypts the second original data a second time and further improves the security of the data exchange.
The method first builds hash mapping relations for the data stored on the first and second terminals using the same first preset hash function, applied to the first original data and the second original data respectively, to obtain a first hash data table and a second hash data table; it screens the third original data, namely the first original data that has a hash mapping relation with the intersection of the second and first hash data tables, out of the first original data, eliminating the first-party data that is irrelevant to the second original data. It then performs the intersection using only the screened first original data (the third original data) and the second original data; because irrelevant data is filtered out in advance, the volume of data taking part in the intersection is greatly reduced and data set intersection efficiency improves. Furthermore, data transmitted between the first and second terminals is encrypted with the key pair and the blind factor, which improves the security of the data exchange.
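The following Python program is an added worked example, not code from the patent or its assignee. It carries the two-terminal procedure S100 to S120 (also stated in the first and second aspects above) through once, including the blind-factor embodiment of S110 and the unblinding step the description places before S118. It assumes RSA for the preset key pair (the description names RSA as one option), SHA-256 as the first preset hash function and as the map of a record into Z_n, and it omits the optional second preset hash function (the cuckoo-hash storage format conversion). The modulus is built from two fixed Mersenne primes purely so the example runs offline and deterministically; that choice is a demonstration convenience and not a key-generation recommendation.

```python
import hashlib
import math
import secrets

# Demo RSA parameters: a fixed modulus built from two Mersenne primes so the
# example runs deterministically offline. Constructed for illustration only; a
# real deployment would generate a fresh key pair of at least 2048 bits.
P = (1 << 31) - 1
Q = (1 << 61) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: d = e^-1 mod phi(n)


def h1(record: str) -> str:
    """First preset hash function (assumed SHA-256); builds the hash data tables."""
    return hashlib.sha256(b"h1|" + record.encode()).hexdigest()


def to_group(record: str) -> int:
    """Map a record into Z_n before applying the RSA exponents (assumed SHA-256)."""
    digest = hashlib.sha256(b"h2|" + record.encode()).digest()
    return int.from_bytes(digest, "big") % N


def build_hash_table(records):
    """Hash data table h1(record) -> record, built the same way on both terminals."""
    return {h1(x): x for x in records}


def first_terminal_prefilter(first_original, second_hash_table):
    """S102-S104: intersect the hash tables and keep only the first-party records
    whose hash lies in the intersection (the third original data)."""
    first_hash_table = build_hash_table(first_original)
    intersection_hash_table = first_hash_table.keys() & set(second_hash_table)
    return [first_hash_table[h] for h in intersection_hash_table]


def first_terminal_sign(third_original):
    """S106: first ciphertext data = H(x)^d mod n for each surviving record."""
    return {pow(to_group(x), D, N) for x in third_original}


def second_terminal_blind(second_original):
    """S110 (blind-factor embodiment): c2 = H(y) * r^e mod n with a fresh r per
    record. Returns the ciphertexts to send and the (y, r) pairs kept locally."""
    ciphertexts, local_state = [], []
    for y in second_original:
        r = secrets.randbelow(N - 2) + 2
        while math.gcd(r, N) != 1:  # r must be invertible mod n to unblind later
            r = secrets.randbelow(N - 2) + 2
        ciphertexts.append((to_group(y) * pow(r, E, N)) % N)
        local_state.append((y, r))
    return ciphertexts, local_state


def first_terminal_private_encrypt(second_ciphertext):
    """S114: third ciphertext data = c2^d mod n. Because c2 is blinded, the first
    terminal only ever sees H(y) * r^e, never H(y) itself."""
    return [pow(c2, D, N) for c2 in second_ciphertext]


def second_terminal_intersect(first_ciphertext, third_ciphertext, local_state):
    """Unblind (the step placed before S118), intersect in ciphertext space (S118)
    and map the ciphertext intersection back to original data (S120)."""
    mapping_table = {}  # ciphertext -> original data, built from the unblinded values
    for c3, (y, r) in zip(third_ciphertext, local_state):
        unblinded = (c3 * pow(r, -1, N)) % N  # (H(y) r^e)^d / r = H(y)^d mod n
        mapping_table[unblinded] = y
    ciphertext_intersection = set(first_ciphertext) & set(mapping_table)
    return sorted(mapping_table[c] for c in ciphertext_intersection)


def run_psi(first_original, second_original):
    """Drive S100-S120 between the two terminals; returns the plaintext intersection."""
    second_hash_table = build_hash_table(second_original).keys()                  # S100
    third_original = first_terminal_prefilter(first_original, second_hash_table)  # S102-S104
    first_ciphertext = first_terminal_sign(third_original)                        # S106
    second_ciphertext, local_state = second_terminal_blind(second_original)       # S108-S112
    third_ciphertext = first_terminal_private_encrypt(second_ciphertext)          # S114
    return second_terminal_intersect(first_ciphertext, third_ciphertext, local_state)  # S116-S120


if __name__ == "__main__":
    # Constructed sample IDs: the first terminal holds many, the second holds few.
    first = [f"1380000{i:04d}" for i in range(1, 101)]
    second = ["13800000003", "13800000077", "13900009999"]
    print(run_psi(first, second))  # ['13800000003', '13800000077']
```

The hash-table prefilter in `first_terminal_prefilter` is what realises the efficiency argument of the description: only the handful of first-party records whose `h1` value also appears in the second terminal's table go on to the private-key operation in S106, however large the first terminal's set is. The blind factor `r` is what keeps the first terminal from learning `H(y)` at S114: it receives only `H(y) * r^e`, and after S114 the second terminal strips `r` with a modular inverse to recover `H(y)^d`, the same value the first terminal computed for its own records, so the comparison at S118 happens entirely in ciphertext space and the mapping table built during unblinding performs S120.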
Fig. 1 illustrates the privacy-safe data set intersection method; the apparatus provided by an embodiment of the present application is described below with reference to fig. 2 and fig. 3.
Fig. 2 is a schematic structural diagram of a privacy-safe data set intersection apparatus according to an embodiment of the present application. The apparatus is applied to a first terminal, and each module shown in fig. 2 implements a step of fig. 1 and achieves the corresponding technical effect. As shown in fig. 2, the apparatus may include:
an obtaining module 210, configured to compute the intersection of the first hash data table and the second hash data table after receiving a data set intersection request sent by the second terminal, so as to obtain an intersection hash data table.
The data set intersection request comprises the second hash data table, constructed by hash-mapping the second original data stored on the second terminal with a first preset hash function. The first hash data table is constructed by hash-mapping the first original data stored on the first terminal with the same first preset hash function.
A determining module 220, configured to determine the third original data.
The third original data comprises the first original data that has a hash mapping relation with the intersection hash data table.
An encryption module 230, configured to encrypt the third original data with the private key of a preset key pair to obtain first ciphertext data.
A sending module, configured to send the public key of the preset key pair to the second terminal.
A receiving module, configured to receive the second ciphertext data, which the second terminal obtains by encrypting the second original data with the public key.
The encryption module 230 is further configured to encrypt the second ciphertext data with the private key to obtain third ciphertext data.
A sending module 240, configured to send the third ciphertext data and the first ciphertext data to the second terminal.
The second terminal intersects the first ciphertext data and the third ciphertext data to obtain a ciphertext intersection result, and converts that result into original data using a preset mapping table between ciphertext and original data, obtaining the data intersection of the second original data and the first original data.
The apparatus first builds hash mapping relations for the data stored on the first and second terminals using the same first preset hash function, applied to the first original data and the second original data respectively, to obtain a first hash data table and a second hash data table; it screens the third original data, namely the first original data that has a hash mapping relation with the intersection of the second and first hash data tables, out of the first original data, eliminating the first-party data that is irrelevant to the second original data. It then performs the intersection using only the screened first original data (the third original data) and the second original data; because irrelevant data is filtered out in advance, the volume of data taking part in the intersection is greatly reduced and data set intersection efficiency improves.
In one embodiment, the apparatus may further comprise:
The conversion module 250 is configured to perform a data storage format conversion on the third ciphertext data with a second preset hash function before the third ciphertext data is sent to the second terminal, so that the converted third ciphertext data is what is sent.
With this apparatus, the first terminal and the second terminal first build hash mapping relations of their stored data with the same first preset hash function, based on the first original data and the second original data respectively, to obtain the first hash data table and the second hash data table. The third original data, namely the first original data having a hash mapping relation with the intersection hash data table of the second hash data table and the first hash data table, is then screened out of the first original data, which eliminates the first original data unrelated to the second original data. The intersection is then computed between the screened first original data (the third original data) and the second original data. Because unrelated data has been filtered out in advance, the data volume taking part in the intersection is greatly reduced, and the efficiency of the data set intersection is improved. Moreover, since the computation-heavy public key encryption is performed centrally at the second terminal, the computational requirement on the first terminal is low.
Fig. 3 is a schematic structural diagram of a privacy-safe data set intersection apparatus according to an embodiment of the present application. The apparatus is applied to a second terminal, and each module of the apparatus shown in fig. 3 implements a corresponding step of fig. 1 and achieves the corresponding technical effect. As shown in fig. 3, the apparatus may include:
A sending module 310, configured to send a data set intersection request to a first terminal.
The data set intersection request is used by the first terminal to obtain the intersection of the first hash data table and the second hash data table, giving an intersection hash data table. The data set intersection request comprises the second hash data table, which is constructed by performing hash mapping on the second original data stored in the second terminal with a first preset hash function. The first hash data table is constructed by performing hash mapping on the first original data stored in the first terminal with the same first preset hash function.
The receiving module 320 is configured to receive a public key in a preset key pair sent by the first terminal.
The encrypting module 330 is configured to encrypt the second original data with the public key to obtain second ciphertext data.
The sending module 310 is further configured to send the second ciphertext data to the first terminal, which encrypts the second ciphertext data with its private key to obtain third ciphertext data.
The receiving module 320 is configured to receive the third ciphertext data and the first ciphertext data.
The first ciphertext data is obtained by the first terminal encrypting third original data with the private key, and the third original data comprises the first original data that has a hash mapping relation with the intersection hash data table.
The intersection module 340 is configured to intersect the first ciphertext data and the third ciphertext data to obtain a ciphertext intersection result.
The converting module 350 is configured to convert the ciphertext intersection result back into original data with a preset mapping table of ciphertext to original data, so as to obtain the data intersection of the second original data and the first original data.
In an embodiment, the encryption module 330 may be specifically configured to:
encrypt the second original data with the public key and a preset blind factor to obtain the second ciphertext data.
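The two apparatus descriptions above (the first-terminal modules of fig. 2 and the second-terminal modules of fig. 3) together describe one exchange: a hash-table prefilter, a private-key operation on the surviving first-terminal records, a blinded public-key operation on the second-terminal records, a second private-key operation on those blinded values, and a ciphertext intersection that the second terminal maps back to original data. The following Python walkthrough is an added example written for this page; it is not code from the patent or its assignee. It assumes RSA as the "preset key pair", with the private-key operation realised as RSA private exponentiation and the public-key operation as public exponentiation; SHA-256 as both the first and the second preset hash function; one fresh blind factor per record (the page speaks of a preset blind factor without fixing its granularity); and, because a blinded value can no longer be unblinded once it has been hashed, the second-hash "storage format conversion" is applied to the first ciphertext data at the first terminal and to the unblinded third ciphertext data at the second terminal, rather than to the third ciphertext data before sending as the conversion module 250 describes. All function names and the sample records are this example's own. Note that the prefilter sends the second terminal's hash table to the first terminal unkeyed, exactly as the page describes, so the confidentiality of the second original data in that step rests on those hash values not being guessable from the input domain.

```python
# Added walkthrough of the two-terminal intersection flow (hash prefilter + blinded RSA).
# Assumptions, not from the patent: RSA key pair, SHA-256 for both preset hash functions,
# one fresh blind factor per record. Sample records below are constructed.
import hashlib
import math
import random

RNG = random.Random(20210923)  # fixed seed so the walkthrough is reproducible

def is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test; adequate for a demonstration key."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(RNG.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        cand = RNG.getrandbits(bits) | (1 << (bits - 1)) | 1  # force top bit and oddness
        if is_probable_prime(cand):
            return cand

def generate_key_pair(bits=512):
    """The 'preset key pair': RSA public key (n, e) and private exponent d."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), pow(e, -1, phi)

def h1(record):
    """First preset hash function: builds the hash data tables (unkeyed, as on the page)."""
    return hashlib.sha256(record.encode()).hexdigest()

def h2(value):
    """Second preset hash function: storage-format conversion of a ciphertext value (< n)."""
    return hashlib.sha256(value.to_bytes(64, "big")).hexdigest()

def first_terminal_prefilter(first_data, second_hash_table):
    """Intersect the two hash tables and keep the first-terminal records that map into
    the intersection (the 'third original data'); unrelated records drop out here."""
    first_hash_table = {h1(a): a for a in first_data}
    return [first_hash_table[x] for x in first_hash_table.keys() & set(second_hash_table)]

def first_terminal_encrypt_third(third_data, n, d):
    """First ciphertext data: private-key operation on each record's hash, then the
    second hash as storage-format conversion (applied to this set in this example)."""
    return {h2(pow(int(h1(a), 16) % n, d, n)) for a in third_data}

def second_terminal_blind(second_data, n, e):
    """Second ciphertext data: each record's hash blinded under the public key with a
    fresh factor r; the (record, r) table stays local for unblinding and mapping back."""
    ciphertexts, table = [], []
    for b in second_data:
        r = RNG.randrange(2, n)
        while math.gcd(r, n) != 1:
            r = RNG.randrange(2, n)
        ciphertexts.append((int(h1(b), 16) % n) * pow(r, e, n) % n)
        table.append((b, r))
    return ciphertexts, table

def first_terminal_encrypt_second(second_ciphertexts, n, d):
    """Third ciphertext data: private-key operation on the blinded values, order kept."""
    return [pow(c2, d, n) for c2 in second_ciphertexts]

def second_terminal_intersect(third_ciphertexts, first_ciphertexts, table, n):
    """Unblind each third-ciphertext value, convert it with the second hash, intersect
    with the first ciphertext data, and map the result back to original records."""
    mapping = {h2(c3 * pow(r, -1, n) % n): b for c3, (b, r) in zip(third_ciphertexts, table)}
    return sorted(mapping[c] for c in mapping.keys() & first_ciphertexts)

def run_protocol(first_data, second_data):
    """Full exchange. Returns (intersection, number of first-terminal records that
    survived the hash prefilter and therefore took part in the encrypted step)."""
    (n, e), d = generate_key_pair()
    second_hash_table = [h1(b) for b in second_data]       # carried in the request
    third = first_terminal_prefilter(first_data, second_hash_table)
    c1 = first_terminal_encrypt_third(third, n, d)          # first ciphertext data
    c2, table = second_terminal_blind(second_data, n, e)    # second ciphertext data
    c3 = first_terminal_encrypt_second(c2, n, d)            # third ciphertext data
    return second_terminal_intersect(c3, c1, table, n), len(third)

# Constructed sample records (not from the patent).
FIRST_TERMINAL_DATA = ["alice@example.com", "bob@example.com", "carol@example.com", "dave@example.com"]
SECOND_TERMINAL_DATA = ["bob@example.com", "carol@example.com", "erin@example.com"]

if __name__ == "__main__":
    common, kept = run_protocol(FIRST_TERMINAL_DATA, SECOND_TERMINAL_DATA)
    print(f"{kept} of {len(FIRST_TERMINAL_DATA)} first-terminal records entered the encrypted step")
    print("intersection:", common)
```

The unblinding step is what makes the blind factor useful: the first terminal only ever sees hash values multiplied by r^e, so the third ciphertext data it returns equals h1(b)^d · r, and dividing out r leaves h1(b)^d, the same value it computed directly for its own matching record. The second hash then gives both sides a comparable fixed-width form, and the local (record, r) table is the "preset mapping table" that turns the ciphertext intersection back into records.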
Fig. 4 shows a schematic structural diagram of a privacy-safe data set intersection device according to an embodiment of the present application. As shown in fig. 4, the device may include a processor 401 and a memory 402 storing computer program instructions.
Specifically, the processor 401 may include a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present application.
The memory 402 may include mass storage for data or instructions. By way of example and not limitation, the memory 402 may include a hard disk drive (HDD), a floppy disk drive, flash memory, an optical disk, a magneto-optical disk, magnetic tape, a Universal Serial Bus (USB) drive, or a combination of two or more of these. In one example, the memory 402 may include removable or non-removable (or fixed) media, or the memory 402 may be non-volatile solid-state memory. The memory 402 may be internal or external to the privacy-safe data set intersection device.
In one example, the memory 402 may be a read-only memory (ROM). In one example, the ROM may be mask-programmed ROM, programmable ROM (PROM), erasable PROM (EPROM), electrically erasable PROM (EEPROM), electrically rewritable ROM (EAROM), or flash memory, or a combination of two or more of these.
The processor 401 reads and executes the computer program instructions stored in the memory 402 to implement the method in the embodiment shown in fig. 1, and achieve the corresponding technical effect achieved by the embodiment shown in fig. 1 executing the method, which is not described herein again for brevity.
In one example, the privacy-safe data set intersection device may also include a communication interface 403 and a bus 410. As shown in fig. 4, the processor 401, the memory 402, and the communication interface 403 are connected via a bus 410 to complete communication therebetween.
The communication interface 403 is mainly used for implementing communication between modules, apparatuses, units and/or devices in the embodiments of the present application.
The bus 410 comprises hardware, software, or both that couple the components of the privacy-safe data set intersection device to one another. By way of example and not limitation, the bus may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a HyperTransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an InfiniBand interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a Video Electronics Standards Association local (VLB) bus, or other suitable bus, or a combination of two or more of these. The bus 410 may include one or more buses, where appropriate. Although specific buses are described and shown in the embodiments of the application, any suitable buses or interconnects are contemplated by the application.
The privacy-safe data set intersection device can execute the privacy-safe data set intersection method in the embodiment of the application, so that the corresponding technical effect of the privacy-safe data set intersection method described in fig. 1 is achieved.
In addition, in combination with the privacy-safe data set intersection method of the foregoing embodiments, the embodiments of the present application may be implemented as a computer storage medium. The computer storage medium has computer program instructions stored thereon which, when executed by a processor, implement any of the above embodiments of the privacy-safe data set intersection method.
It is to be understood that the present application is not limited to the particular arrangements and instrumentality described above and shown in the attached drawings. A detailed description of known methods is omitted herein for the sake of brevity. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present application are not limited to the specific steps described and illustrated, and those skilled in the art can make various changes, modifications, and additions or change the order between the steps after comprehending the spirit of the present application.
The functional blocks shown in the above structural block diagrams may be implemented as hardware, software, firmware, or a combination thereof. When implemented in hardware, a block may be, for example, an electronic circuit, an application-specific integrated circuit (ASIC), suitable firmware, a plug-in, a function card, or the like. When implemented in software, the elements of the present application are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine-readable medium or transmitted by a data signal carried in a carrier wave over a transmission medium or a communication link. A "machine-readable medium" may include any medium that can store or transfer information. Examples of a machine-readable medium include electronic circuits, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, radio frequency (RF) links, and so forth. The code segments may be downloaded via computer networks such as the internet or an intranet.
It should also be noted that the exemplary embodiments mentioned in this application describe some methods or systems based on a series of steps or devices. However, the present application is not limited to the order of the above-described steps, that is, the steps may be performed in the order mentioned in the embodiments, may be performed in an order different from the order in the embodiments, or may be performed simultaneously.
Aspects of the present application are described above with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, enable the implementation of the functions/acts specified in the flowchart and/or block diagram block or blocks. Such a processor may be, but is not limited to, a general purpose processor, a special purpose processor, an application specific processor, or a field programmable logic circuit. It will also be understood that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware for performing the specified functions or acts, or combinations of special purpose hardware and computer instructions.
As described above, only the specific embodiments of the present application are provided, and it can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the system, the module and the unit described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again. It should be understood that the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive various equivalent modifications or substitutions within the technical scope of the present application, and these modifications or substitutions should be covered within the scope of the present application.

Claims (10)

1. A privacy-safe data set intersection method is applied to a first terminal and comprises the following steps:
after a data set intersection request sent by a second terminal is received, the intersection of the first hash data table and the second hash data table is obtained, and an intersection hash data table is obtained; the data set intersection request comprises a second hash data table, and the second hash data table is constructed by performing hash mapping on second original data stored by the second terminal through a first preset hash function; the first hash data table is constructed by performing hash mapping on first original data stored by the first terminal through the first preset hash function;
determining third raw data, wherein the third raw data comprises the first raw data having a hash mapping relation with the intersection hash data table;
encrypting the third original data by using a private key in a preset key pair to obtain first ciphertext data;
sending the public key in the preset key pair to the second terminal;
receiving second ciphertext data; the second ciphertext data is obtained by encrypting the second original data by the second terminal by applying the public key;
encrypting the second ciphertext data by using the private key to obtain third ciphertext data;
transmitting the third ciphertext data and the first ciphertext data to the second terminal; and the second terminal is used for intersecting the first ciphertext data and the third ciphertext data to obtain a ciphertext intersection result, and the preset mapping table of the ciphertext and the original data is used for converting the ciphertext intersection result into the original data to obtain a data intersection of the second original data and the first original data.
2. The privacy-safe data set intersection method of claim 1, wherein before the sending the third ciphertext data to the second terminal, the method further comprises:
and performing data storage format conversion on the third ciphertext data by adopting a second preset hash function to obtain the third ciphertext data after the data storage format conversion.
3. A privacy-safe data set intersection method is applied to a second terminal and comprises the following steps:
sending a data set intersection request to a first terminal, wherein the data set intersection request is used for the first terminal to obtain the intersection of a first hash data table and a second hash data table to obtain an intersection hash data table; the data set intersection request comprises a second hash data table, and the second hash data table is constructed by performing hash mapping on second original data stored by the second terminal through a first preset hash function; the first hash data table is constructed by performing hash mapping on first original data stored by the first terminal through the first preset hash function;
receiving a public key in a preset key pair sent by the first terminal;
encrypting the second original data by using the public key to obtain second ciphertext data;
sending the second ciphertext data to the first terminal, wherein the second ciphertext data is used for the first terminal to encrypt the second ciphertext data by using a private key to obtain third ciphertext data;
receiving the third ciphertext data and the first ciphertext data; the first ciphertext data is obtained by the first terminal through encrypting third original data by applying the private key, and the third original data comprises the first original data which has a hash mapping relation with the intersection hash data table;
intersecting the first ciphertext data and the third ciphertext data to obtain a ciphertext intersection result;
and converting the ciphertext intersection result into original data by adopting a preset mapping table of the ciphertext and the original data to obtain a data intersection of the second original data and the first original data.
4. The privacy-safe data set intersection method of claim 3, wherein encrypting the second original data with the public key to obtain second ciphertext data comprises:
and encrypting the second original data by adopting the public key and a preset blind factor to obtain the second ciphertext data.
5. A privacy-safe data set intersection apparatus, applied to a first terminal, comprising:
an obtaining module, configured to obtain the intersection of a first hash data table and a second hash data table after receiving a data set intersection request sent by a second terminal, to obtain an intersection hash data table; the data set intersection request comprises the second hash data table, and the second hash data table is constructed by performing hash mapping on second original data stored by the second terminal through a first preset hash function; the first hash data table is constructed by performing hash mapping on first original data stored by the first terminal through the first preset hash function;
a determining module, configured to determine third raw data, where the third raw data includes the first raw data having a hash mapping relationship with the intersection hash data table;
the encryption module is used for encrypting the third original data by adopting a private key in a preset key pair to obtain first ciphertext data;
a sending module, configured to send the public key in the preset key pair to the second terminal;
the receiving module is used for receiving the second ciphertext data; the second ciphertext data is obtained by encrypting the second original data by the second terminal by applying the public key;
the encryption module is further configured to encrypt the second ciphertext data by using the private key to obtain third ciphertext data;
a sending module, configured to send the third ciphertext data and the first ciphertext data to the second terminal; and the second terminal is used for intersecting the first ciphertext data and the third ciphertext data to obtain a ciphertext intersection result, and the preset mapping table of the ciphertext and the original data is used for converting the ciphertext intersection result into the original data to obtain a data intersection of the second original data and the first original data.
6. The privacy-safe data set intersection apparatus of claim 5, the apparatus further comprising:
and the conversion module is used for performing data storage format conversion on the third ciphertext data by adopting a second preset hash function before the third ciphertext data is sent to the second terminal to obtain the third ciphertext data after the data storage format conversion.
7. A privacy-safe data set intersection apparatus, applied to a second terminal, comprising:
a sending module, configured to send a data set intersection request to a first terminal, the data set intersection request being used by the first terminal to obtain the intersection of a first hash data table and a second hash data table to obtain an intersection hash data table; the data set intersection request comprises the second hash data table, and the second hash data table is constructed by performing hash mapping on second original data stored by the second terminal through a first preset hash function; the first hash data table is constructed by performing hash mapping on first original data stored by the first terminal through the first preset hash function;
the receiving module is used for receiving a public key in a preset key pair sent by the first terminal;
the encryption module is used for encrypting the second original data by adopting the public key to obtain second ciphertext data;
a sending module, configured to send the second ciphertext data to the first terminal, where the second ciphertext data is encrypted by the first terminal using a private key to obtain third ciphertext data;
the receiving module is used for receiving the third ciphertext data and the first ciphertext data; the first ciphertext data is obtained by the first terminal through encrypting third original data by applying the private key, and the third original data comprises the first original data which has a hash mapping relation with the intersection hash data table;
the intersection module is used for intersecting the first ciphertext data and the third ciphertext data to obtain a ciphertext intersection result;
and the conversion module is used for converting the ciphertext intersection result into the original data by adopting a preset mapping table of the ciphertext and the original data to obtain the data intersection of the second original data and the first original data.
8. The privacy-safe data set intersection apparatus of claim 7, wherein the encryption module is specifically configured to:
and encrypting the second original data by adopting the public key and a preset blind factor to obtain the second ciphertext data.
9. A privacy-safe data set intersection device, comprising: a memory, a processor, and a computer program stored on the memory and executable on the processor, which when executed by the processor implements the method of any one of claims 1 to 4.
10. A computer-readable storage medium, on which a program is stored which, when executed by a processor, implements the method of any one of claims 1 to 4.
CN202111110460.6A 2021-09-23 2021-09-23 Privacy safety data set intersection method, device, equipment and storage medium Active CN113569267B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111110460.6A CN113569267B (en) 2021-09-23 2021-09-23 Privacy safety data set intersection method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113569267A CN113569267A (en) 2021-10-29
CN113569267B true CN113569267B (en) 2021-12-14

Family

ID=78173978

Country Status (1)

Country Link
CN (1) CN113569267B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113761563B (en) * 2021-11-05 2022-02-08 深圳致星科技有限公司 Data intersection calculation method and device and electronic equipment
CN114374518B (en) * 2021-12-08 2022-10-28 神州融安数字科技(北京)有限公司 PSI (program specific information) intersection information acquisition method and device with intersection counting function and storage medium
CN114448702B (en) * 2022-01-29 2024-02-27 中国工商银行股份有限公司 Data encryption method and device based on privacy set intersection
CN114726542B (en) * 2022-04-08 2024-04-09 中国再保险(集团)股份有限公司 Data transmission method and device based on privacy intersection
CN115935438B (en) * 2023-02-03 2023-05-23 杭州金智塔科技有限公司 Data privacy exchange system and method
CN116244753B (en) * 2023-05-12 2023-08-15 建信金融科技有限责任公司 Method, device, equipment and storage medium for intersection of private data

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109495465A (en) * 2018-11-05 2019-03-19 河南师范大学 Privacy set intersection method based on intelligent contract
CN111931207A (en) * 2020-08-07 2020-11-13 北京百度网讯科技有限公司 Method, device and equipment for obtaining privacy set intersection and storage medium
US10878108B1 (en) * 2020-02-03 2020-12-29 Qed-It Systems Ltd. Delegated private set intersection, and applications thereof
CN112580072A (en) * 2020-12-09 2021-03-30 深圳前海微众银行股份有限公司 Data set intersection method and device
CN112948878A (en) * 2021-03-05 2021-06-11 支付宝(杭州)信息技术有限公司 Privacy-protecting set intersection calculation method and device
CN113225186A (en) * 2021-05-31 2021-08-06 平安科技(深圳)有限公司 Private data intersection solving method and device, computer equipment and storage medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Improved Secure Efficient Delegated Private Set Intersection;Alireza Kavousi,等;《2020 28th Iranian Conference on Electrical Engineering (ICEE)》;20201126;第1-6页 *
一种改进PSI协议的基因数据隐私保护方案;田美金,等;《西安电子科技大学学报》;20200731;第47卷(第4期);第94-101页 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant