CN113645022A - Method and device for determining privacy set intersection, electronic equipment and storage medium - Google Patents

Method and device for determining privacy set intersection, electronic equipment and storage medium Download PDF

Info

Publication number
CN113645022A
CN113645022A CN202110911496.8A CN202110911496A CN113645022A CN 113645022 A CN113645022 A CN 113645022A CN 202110911496 A CN202110911496 A CN 202110911496A CN 113645022 A CN113645022 A CN 113645022A
Authority
CN
China
Prior art keywords
element set
server
public key
data set
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110911496.8A
Other languages
Chinese (zh)
Other versions
CN113645022B (en
Inventor
张宇
汪宗斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Infosec Technologies Co Ltd
Original Assignee
Beijing Infosec Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Infosec Technologies Co Ltd filed Critical Beijing Infosec Technologies Co Ltd
Priority to CN202110911496.8A priority Critical patent/CN113645022B/en
Publication of CN113645022A publication Critical patent/CN113645022A/en
Application granted granted Critical
Publication of CN113645022B publication Critical patent/CN113645022B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Bioethics (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method and a device for determining privacy set intersection, electronic equipment and a storage medium. And then the public key and the second element set are sent to the server. Because the second element set contains random number of ciphertexts corresponding to 0, the server cannot deduce the number of the client data according to the number of the elements in the second element set, and thus the privacy protection effect on the number of the client data is achieved.

Description

Method and device for determining privacy set intersection, electronic equipment and storage medium
Technical Field
The present invention relates to the field of technologies, and in particular, to a method and an apparatus for determining an intersection of privacy sets, an electronic device, and a storage medium.
Background
The PSI (private set intersection) of the privacy set is used for calculating the intersection of a data set provided by a client and a data set provided by a server through a series of underlying cryptography technologies, and data except the intersection in the set cannot be disclosed, so that the method is widely applied to practical scenes such as blacklist sharing, marketing matching and the like. In the prior art, when solving the intersection of data sets, a polynomial is first constructed according to a data set of a client, each coefficient of the polynomial forms an element set, the client sends the element set to a server, and the server can determine the data quantity in the data set of the client according to the quantity in the element set. Therefore, the prior art has a problem that although data outside the intersection in the set is not leaked, the amount of data contained in the client data set is leaked. However, in the scenarios such as marketing matching, the amount of data contained in the set also needs to be kept secret, and the existing scheme cannot meet the requirement.
Disclosure of Invention
The embodiment of the invention provides a method and a device for determining an intersection of privacy sets, electronic equipment and a storage medium, which are used for solving the problem that the existing scheme reveals the data quantity contained in a client data set.
The embodiment of the invention provides a method for determining an intersection of privacy sets, which comprises the following steps:
constructing a first polynomial according to a first data set of a client, and forming a first element set by each term coefficient of the first polynomial;
encrypting each element in the first element set and a random number of 0 by using a public key to obtain an encrypted second element set;
sending the public key and the second element set to a server, and receiving an encrypted third element set sent by the server, wherein the third element set is determined by the server based on the second element set, a second data set of the server and the public key;
and decrypting each element in the third element set by adopting a private key to obtain a second data set of the server, and determining the intersection of the first data set and the second data set.
Further, the encrypting each element in the first element set and a random number of 0 s by using a public key to obtain an encrypted second element set includes:
encrypting each element in the first element set by adopting a public key to obtain ciphertext corresponding to each element in the first element set respectively, and encrypting the random number of 0 by adopting the public key to obtain the ciphertext corresponding to the random number of 0 respectively; and adding the random number of ciphertexts respectively corresponding to the 0 elements into the ciphertexts respectively corresponding to each element in the first element set to obtain an encrypted second element set.
Further, the constructing the first polynomial according to the first data set of the client includes:
and constructing the first polynomial by using an interpolation method according to the first data set of the client, so that the solution of the first polynomial being 0 is the first data set.
In another aspect, an embodiment of the present invention provides a method for determining a privacy set intersection, where the method includes:
receiving a public key and an encrypted second element set sent by a client, wherein the second element set is obtained by constructing a first polynomial according to a first data set of the client, forming a first element set by each coefficient of the first polynomial and encrypting each element and a random number of 0 s in the first element set by adopting the public key;
determining a third element set after the server side is encrypted according to the second element set, a second data set of the server side and the public key;
and sending the encrypted third element set to a client, so that the client decrypts each element in the third element set by using a private key to obtain a second data set of the server, and determining the intersection of the first data set and the second data set.
Further, the determining, according to the second element set, the second data set of the server, and the public key, the third element set encrypted by the server includes:
and determining a third element set encrypted by the server by adopting a homomorphic encryption algorithm according to the second element set, the second data set of the server, the public key and the random parameter.
Further, the determining, according to the second element set, the second data set of the server, the public key, and the random parameter, the third element set encrypted by the server by using a homomorphic encryption algorithm includes:
determining a fourth element set encrypted by the server side by adopting a homomorphic encryption algorithm according to the second element set, the second data set of the server side, the public key and the random parameter; and selecting a random number of ciphertexts in the cipher text space and adding the ciphertexts into each element in the fourth element set to obtain a third element set.
In another aspect, an embodiment of the present invention provides an apparatus for determining a privacy set intersection, where the apparatus includes:
the first determining module is used for constructing a first polynomial according to a first data set of a client, and each term coefficient of the first polynomial forms a first element set;
the encryption module is used for encrypting each element in the first element set and 0 in random number by adopting a public key to obtain an encrypted second element set;
the transmission module is used for sending the public key and the second element set to a server and receiving an encrypted third element set sent by the server, wherein the third element set is determined by the server based on the second element set, a second data set of the server and the public key;
and the second determining module is used for decrypting each element in the third element set by using a private key to obtain a second data set of the server, and determining the intersection of the first data set and the second data set.
Further, the encryption module is specifically configured to encrypt each element in the first element set by using a public key to obtain ciphertext corresponding to each element in the first element set, and encrypt the random number of 0 by using the public key to obtain ciphertexts corresponding to the random number of 0; and adding the random number of ciphertexts respectively corresponding to the 0 elements into the ciphertexts respectively corresponding to each element in the first element set to obtain an encrypted second element set.
Further, the first determining module is specifically configured to construct the first polynomial according to a first data set of the client by using an interpolation method, so that a solution of the first polynomial being 0 is the first data set.
In another aspect, an embodiment of the present invention provides an apparatus for determining a privacy set intersection, where the apparatus includes:
the system comprises a receiving module, a sending module and a processing module, wherein the receiving module is used for receiving a public key and an encrypted second element set sent by a client, the second element set is obtained by constructing a first polynomial according to a first data set of the client, each element coefficient of the first polynomial forms a first element set, and each element and random number of 0 in the first element set are encrypted by adopting the public key;
a third determining module, configured to determine, according to the second element set, the second data set of the server, and the public key, a third element set after the server is encrypted;
and the sending module is used for sending the encrypted third element set to a client, so that the client decrypts each element in the third element set by using a private key to obtain a second data set of the server, and determines an intersection of the first data set and the second data set.
Further, the third determining module is specifically configured to determine, according to the second element set, the second data set of the server, the public key, and the random parameter, a third element set encrypted by the server by using a homomorphic encryption algorithm.
Further, the third determining module is specifically configured to determine, according to the second element set, the second data set of the server, the public key, and the random parameter, a fourth element set encrypted by the server by using a homomorphic encryption algorithm; and selecting a random number of ciphertexts in the cipher text space and adding the ciphertexts into each element in the fourth element set to obtain a third element set.
On the other hand, the embodiment of the invention provides electronic equipment, which comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory complete mutual communication through the communication bus;
a memory for storing a computer program;
a processor for implementing any of the above method steps when executing a program stored in the memory.
In another aspect, an embodiment of the present invention provides a computer-readable storage medium, in which a computer program is stored, and the computer program, when executed by a processor, implements the method steps of any one of the above.
The embodiment of the invention provides a method and a device for determining an intersection of privacy sets, electronic equipment and a storage medium, wherein the method comprises the following steps: constructing a first polynomial according to a first data set of a client, and forming a first element set by each term coefficient of the first polynomial; encrypting each element in the first element set and a random number of 0 by using a public key to obtain an encrypted second element set; sending the public key and the second element set to a server, and receiving an encrypted third element set sent by the server, wherein the third element set is determined by the server based on the second element set, a second data set of the server and the public key; and decrypting each element in the third element set by adopting a private key to obtain a second data set of the server, and determining the intersection of the first data set and the second data set.
The technical scheme has the following advantages or beneficial effects:
in the embodiment of the invention, a client side constructs a first polynomial according to a first data set, and after a first element set is formed by each item coefficient of the first polynomial, each element in the first element set and a random number of 0 are encrypted to obtain an encrypted second element set. And then the public key and the second element set are sent to the server. Because the second element set contains random number of ciphertexts corresponding to 0, the server cannot deduce the number of the client data according to the number of the elements in the second element set, and thus the privacy protection effect on the number of the client data is achieved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic diagram of a process of determining an intersection of privacy sets according to embodiment 1 of the present invention;
fig. 2 is a schematic diagram of a process of determining an intersection of privacy sets according to embodiment 2 of the present invention;
fig. 3 is a schematic structural diagram of an apparatus for determining an intersection of privacy sets according to embodiment 3 of the present invention;
fig. 4 is a schematic structural diagram of an apparatus for determining an intersection of privacy sets according to embodiment 4 of the present invention;
fig. 5 is a schematic structural diagram of an electronic device provided in embodiment 5 of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the attached drawings, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1:
fig. 1 is a schematic diagram of a process of determining a privacy set intersection according to an embodiment of the present invention, where the process includes the following steps:
s101: according to a first data set of a client, a first polynomial is constructed, and each term coefficient of the first polynomial forms a first element set.
S102: and encrypting each element in the first element set and a random number of 0 by adopting a public key to obtain an encrypted second element set.
S103: and sending the public key and the second element set to a server, and receiving an encrypted third element set sent by the server, wherein the third element set is determined by the server based on the second element set, a second data set of the server and the public key.
S104: and decrypting each element in the third element set by adopting a private key to obtain a second data set of the server, and determining the intersection of the first data set and the second data set.
The method for determining the intersection of the privacy sets provided by the embodiment of the invention is applied to the client, and the intersection of the privacy sets is determined, namely the intersection of the privacy data set of the client and the privacy data set of the server is determined. The data set of the client is called a first data set, and a first polynomial is constructed according to the first data set of the client. The constructing a first polynomial according to the first data set of the client comprises: and constructing the first polynomial by using an interpolation method according to the first data set of the client, so that the solution of the first polynomial being 0 is the first data set.
After the first polynomial is constructed, a first element set is formed from each term coefficient of the first polynomial. And encrypting each element in the first element set and 0 in random number by adopting a public key to obtain an encrypted second element set. Assume that the first polynomial constructed is p (y) ═ a0x0+a1x1+a2x2. The first element set comprises (a0, a1, a 2). It will be appreciated that to ensure that the solution of the first polynomial being 0 is a first set of data, the first polynomial may be written as p (y) a0x0+a1x1+a2x2+0x3+0x4+0x5… … are provided. Therefore, the embodiment of the present invention proposes that each element in the first element set and a random number of 0 s are encrypted by using a public key to obtain an encrypted second element set. A random number of 0 s may be added to the first element set, and then each element in the first element set is encrypted by using a public key, so as to obtain a second element set. Or respectively encrypting each element in the first element set by using a public key, then encrypting a random number of 0 by using the public key, and then using the encrypted ciphertext as a second element set.
In this embodiment of the present invention, the encrypting each element and a random number of 0 s in the first element set by using a public key to obtain an encrypted second element set includes:
encrypting each element in the first element set by adopting a public key to obtain ciphertext corresponding to each element in the first element set respectively, and encrypting the random number of 0 by adopting the public key to obtain the ciphertext corresponding to the random number of 0 respectively; and adding the random number of ciphertexts respectively corresponding to the 0 elements into the ciphertexts respectively corresponding to each element in the first element set to obtain an encrypted second element set.
In the embodiment of the present invention, in order to determine the privacy set intersection, a random number of ciphertexts corresponding to 0 respectively may be added to the ciphertexts corresponding to each element in the first element set, so as to obtain an encrypted second element set.
And after determining the encrypted second element set, the client sends the public key and the second element set to the server. And the server side determines an encrypted third element set based on the second element set, the second data set of the server side and the public key, and sends the third element set back to the client side. The client decrypts each element in the third element set by using a private key corresponding to the public key to obtain a second data set of the server, and then determines the intersection of the first data set and the second data set.
In the embodiment of the invention, a client side constructs a first polynomial according to a first data set, and after a first element set is formed by each item coefficient of the first polynomial, each element in the first element set and a random number of 0 are encrypted to obtain an encrypted second element set. And then the public key and the second element set are sent to the server. Because the second element set contains random number of ciphertexts corresponding to 0, the server cannot deduce the number of the client data according to the number of the elements in the second element set, and thus the privacy protection effect on the number of the client data is achieved.
Example 2:
fig. 2 is a schematic diagram of a process of determining a privacy set intersection according to an embodiment of the present invention, where the process includes the following steps:
s201: the method comprises the steps of receiving a public key sent by a client and an encrypted second element set, wherein the second element set is obtained by constructing a first polynomial according to a first data set of the client, forming a first element set by each coefficient of the first polynomial and encrypting each element and random number of 0 s in the first element set by adopting the public key.
S202: and determining a third element set after the server side is encrypted according to the second element set, the second data set of the server side and the public key.
S203: and sending the encrypted third element set to a client, so that the client decrypts each element in the third element set by using a private key to obtain a second data set of the server, and determining the intersection of the first data set and the second data set.
The method for determining the intersection of the privacy sets provided by the embodiment of the invention is applied to the server side.
The client side constructs a first polynomial according to a first data set of the client side, and each term coefficient of the first polynomial forms a first element set; and encrypting each element in the first element set and 0 in random number by adopting a public key to obtain an encrypted second element set. And sending the second element set and the public key to the server.
And the server receives the public key and the encrypted second element set sent by the client, and determines a third element set encrypted by the server according to the second element set, the second data set of the server and the public key. And then sending the encrypted third element set to the client. The client decrypts each element in the third element set by using a private key corresponding to the public key to obtain a second data set of the server, and then determines the intersection of the first data set and the second data set.
In this embodiment of the present invention, the determining, according to the second element set, the second data set of the server, and the public key, the third element set encrypted by the server includes:
and determining a third element set encrypted by the server by adopting a homomorphic encryption algorithm according to the second element set, the second data set of the server, the public key and the random parameter.
Specifically, the determining, according to the second element set, the second data set of the server, the public key, and the random parameter, the third element set encrypted by the server by using a homomorphic encryption algorithm includes:
determining a fourth element set encrypted by the server side by adopting a homomorphic encryption algorithm according to the second element set, the second data set of the server side, the public key and the random parameter; and selecting a random number of ciphertexts in the cipher text space and adding the ciphertexts into each element in the fourth element set to obtain a third element set.
It should be noted that, in the embodiment of the present invention, after a random number of ciphertexts are selected from the cipher text space and added to each element in the fourth element set, the third element set is obtained. The client decrypts each element in the third element set by using a private key to obtain a second data set of the server, wherein the obtained second data set comprises data of the server and interference item data corresponding to random number of ciphertexts. The third element set is obtained by selecting a random number of ciphertexts in the cipher text space and adding the ciphertexts into each element in the fourth element set, so that the client cannot deduce the number of data of the server, and the privacy protection effect on the number of data contained in the server is achieved. Before the random number of ciphertexts are not added, the second data set of the server does not contain the interference item data corresponding to the random number of ciphertexts.
The process of determining the privacy set intersection is described in detail below.
Client (C) and server (S).
C has a first data set of X ═ Xi|i=1,2…kc,xi∈ZnThe second data set of S is Y ═ Yi|i=1,2…ks,yi∈Zn}。
C, executing the following steps:
(1) generating a public and private key Pair (PK) of a homomorphic encryption algorithm Paillerc,SKc) Secretly storing the private key SKcPublishing the public key PK to the serverc
(2) Obtaining a first polynomial using interpolation
Figure BDA0003203816470000101
Let the set of solutions for equation p (y) ═ 0 be X.
(3) For a first set of elements { au|u=0,1…KcExecuting paillier public key encryption to each element in the set to obtain a set
Figure BDA0003203816470000102
Randomly selecting an integer KtComputing an acquisition set
Figure BDA0003203816470000103
Here we mean using a public key pair to a random number KtAnd 0 is encrypted.
(4) Will E2All elements in (a) are added to the set E1After all elements in (E), the set E ═ { E } is obtainedi|i=0,1,…Kc+Kt}. The set E is a second element set, and E is sent to S.
S executing the following steps:
(1) aiming at all Y belonging to Y, calculating according to the characteristics of Paillier algorithm
Figure BDA0003203816470000104
Figure BDA0003203816470000105
Wherein n is a Paillier algorithm parameter.
(2) Selecting a random parameter r, and calculating
Figure BDA0003203816470000106
Figure BDA0003203816470000107
Substituting each data in the second data set of the server into the formula to obtain a set CT1
(3) Randomly selecting an integer Kt'. Randomly selecting K in the ciphertext space of pailliert' individual ciphertexts CT, constituting a set CT2. Will CT2Each element of (1) is added to the CT1After all elements of (c), a third set of elements CT is acquired. The CT is sent to C.
C, executing the following steps:
(1) for each element CT in CTiExecute mi=DecSKc(cti). Namely, each element ct is subjected to a private key corresponding to the public keyiDecryption is performed.
(2) Set of outputs { miThe intersection of X and Y.
Because the decrypted set of the client is { mi ═ rp (yi) + yi }. And the set of solutions for polynomial p (y) 0 is X ═ { xi }. If an element yi in the server input is equal to an element in the set X, then r ═ p (yi)) is 0, and mi ═ r ═ p (yi)) + yi ═ yi, the result must exist in the set X. Therefore, the client can obtain the intersection of X and Y by observing the intersection of the decryption result set and the client input set X.
Example 3:
fig. 3 is a schematic structural diagram of an apparatus for determining a privacy set intersection according to an embodiment of the present invention, where the apparatus includes:
a first determining module 31, configured to construct a first polynomial according to a first data set of a client, where each term coefficient of the first polynomial forms a first element set;
the encryption module 32 is configured to encrypt each element in the first element set and a random number of 0 s by using a public key to obtain an encrypted second element set;
the transmission module 33 is configured to send the public key and the second element set to a server, and receive an encrypted third element set sent by the server, where the third element set is determined by the server based on the second element set, a second data set of the server, and the public key;
a second determining module 34, configured to decrypt each element in the third element set with a private key, to obtain a second data set of the server, and determine an intersection of the first data set and the second data set.
The encryption module 32 is specifically configured to encrypt each element in the first element set by using a public key to obtain ciphertext corresponding to each element in the first element set, and encrypt the random number of 0 by using the public key to obtain ciphertext corresponding to the random number of 0; and adding the random number of ciphertexts respectively corresponding to the 0 elements into the ciphertexts respectively corresponding to each element in the first element set to obtain an encrypted second element set.
The first determining module 31 is specifically configured to construct the first polynomial by using an interpolation method according to a first data set of the client, so that a solution of the first polynomial being 0 is the first data set.
Example 4:
fig. 4 is a schematic structural diagram of an apparatus for determining a privacy set intersection according to an embodiment of the present invention, where the apparatus includes:
a receiving module 41, configured to receive a public key and an encrypted second element set sent by a client, where the second element set is obtained by constructing a first polynomial according to a first data set of the client, and each element in the first element set and a random number of 0 s are encrypted by using the public key, and the first polynomial is composed of each coefficient of the first polynomial;
a third determining module 42, configured to determine, according to the second element set, the second data set of the server, and the public key, a third element set after the server is encrypted;
a sending module 43, configured to send the encrypted third element set to a client, so that the client decrypts each element in the third element set by using a private key to obtain a second data set of the server, and determines an intersection of the first data set and the second data set.
The third determining module 42 is specifically configured to determine, according to the second element set, the second data set of the server, the public key, and the random parameter, a third element set after the server is encrypted by using a homomorphic encryption algorithm.
The third determining module 42 is specifically configured to determine, according to the second element set, the second data set of the server, the public key, and the random parameter, a fourth element set encrypted by the server by using a homomorphic encryption algorithm; and selecting a random number of ciphertexts in the cipher text space and adding the ciphertexts into each element in the fourth element set to obtain a third element set.
Example 5:
on the basis of the foregoing embodiments, an embodiment of the present invention further provides an electronic device, and it should be noted that, in the embodiment of the present invention, a client and a server are collectively referred to as an electronic device, as shown in fig. 5, the electronic device includes: the system comprises a processor 301, a communication interface 302, a memory 303 and a communication bus 304, wherein the processor 301, the communication interface 302 and the memory 303 complete mutual communication through the communication bus 304;
if the electronic device is a client, the memory 303 stores a computer program, which when executed by the processor 301, causes the processor 301 to perform the steps of:
constructing a first polynomial according to a first data set of a client, and forming a first element set by each term coefficient of the first polynomial;
encrypting each element in the first element set and a random number of 0 by using a public key to obtain an encrypted second element set;
sending the public key and the second element set to a server, and receiving an encrypted third element set sent by the server, wherein the third element set is determined by the server based on the second element set, a second data set of the server and the public key;
and decrypting each element in the third element set by adopting a private key to obtain a second data set of the server, and determining the intersection of the first data set and the second data set.
Based on the same inventive concept, the embodiment of the present invention further provides an electronic device, and as the principle of solving the problem of the electronic device is similar to the method for determining the intersection of the privacy sets, the implementation of the electronic device may refer to the implementation of the method, and repeated details are not repeated.
The electronic device provided by the embodiment of the invention can be a desktop computer, a portable computer, a smart phone, a tablet computer, a Personal Digital Assistant (PDA), a network side device and the like.
The communication bus mentioned in the electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface 302 is used for communication between the above-described electronic apparatus and other apparatuses.
The Memory may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Alternatively, the memory may be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, including a central processing unit, a Network Processor (NP), and the like; but may also be a Digital Signal Processor (DSP), an application specific integrated circuit, a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or the like.
When the processor executes the program stored in the memory, the embodiment of the invention realizes that a first polynomial is constructed according to a first data set of a client, and each item coefficient of the first polynomial forms a first element set; encrypting each element in the first element set and a random number of 0 by using a public key to obtain an encrypted second element set; sending the public key and the second element set to a server, and receiving an encrypted third element set sent by the server, wherein the third element set is determined by the server based on the second element set, a second data set of the server and the public key; and decrypting each element in the third element set by adopting a private key to obtain a second data set of the server, and determining the intersection of the first data set and the second data set.
In the embodiment of the invention, a client side constructs a first polynomial according to a first data set, and after a first element set is formed by each item coefficient of the first polynomial, each element in the first element set and a random number of 0 are encrypted to obtain an encrypted second element set. And then the public key and the second element set are sent to the server. Because the second element set contains random number of ciphertexts corresponding to 0, the server cannot deduce the number of the client data according to the number of the elements in the second element set, and thus the privacy protection effect on the number of the client data is achieved.
If the electronic device is a server, the memory 303 stores a computer program, and when the computer program is executed by the processor 301, the processor 301 executes the following steps:
receiving a public key and an encrypted second element set sent by a client, wherein the second element set is obtained by constructing a first polynomial according to a first data set of the client, forming a first element set by each coefficient of the first polynomial and encrypting each element and a random number of 0 s in the first element set by adopting the public key;
determining a third element set after the server side is encrypted according to the second element set, a second data set of the server side and the public key;
and sending the encrypted third element set to a client, so that the client decrypts each element in the third element set by using a private key to obtain a second data set of the server, and determining the intersection of the first data set and the second data set.
Example 6:
on the basis of the foregoing embodiments, an embodiment of the present invention further provides a computer storage readable storage medium, where a computer program executable by an electronic device is stored in the computer storage readable storage medium, and if the electronic device is a client, when the program is run on the electronic device, the electronic device is caused to execute the following steps:
constructing a first polynomial according to a first data set of a client, and forming a first element set by each term coefficient of the first polynomial;
encrypting each element in the first element set and a random number of 0 by using a public key to obtain an encrypted second element set;
sending the public key and the second element set to a server, and receiving an encrypted third element set sent by the server, wherein the third element set is determined by the server based on the second element set, a second data set of the server and the public key;
and decrypting each element in the third element set by adopting a private key to obtain a second data set of the server, and determining the intersection of the first data set and the second data set.
If the electronic device is a client, when the program runs on the electronic device, the electronic device is enabled to execute the following steps:
receiving a public key and an encrypted second element set sent by a client, wherein the second element set is obtained by constructing a first polynomial according to a first data set of the client, forming a first element set by each coefficient of the first polynomial and encrypting each element and a random number of 0 s in the first element set by adopting the public key;
determining a third element set after the server side is encrypted according to the second element set, a second data set of the server side and the public key;
and sending the encrypted third element set to a client, so that the client decrypts each element in the third element set by using a private key to obtain a second data set of the server, and determining the intersection of the first data set and the second data set.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (14)

1. A method of determining privacy set intersection, the method comprising:
constructing a first polynomial according to a first data set of a client, and forming a first element set by each term coefficient of the first polynomial;
encrypting each element in the first element set and a random number of 0 by using a public key to obtain an encrypted second element set;
sending the public key and the second element set to a server, and receiving an encrypted third element set sent by the server, wherein the third element set is determined by the server based on the second element set, a second data set of the server and the public key;
and decrypting each element in the third element set by adopting a private key to obtain a second data set of the server, and determining the intersection of the first data set and the second data set.
2. The method of claim 1, wherein the encrypting each element in the first set of elements and a random number of 0 s with a public key to obtain an encrypted second set of elements comprises:
encrypting each element in the first element set by adopting a public key to obtain ciphertext corresponding to each element in the first element set respectively, and encrypting the random number of 0 by adopting the public key to obtain the ciphertext corresponding to the random number of 0 respectively; and adding the random number of ciphertexts respectively corresponding to the 0 elements into the ciphertexts respectively corresponding to each element in the first element set to obtain an encrypted second element set.
3. The method of claim 1, wherein constructing the first polynomial based on the first set of data for the client comprises:
and constructing the first polynomial by using an interpolation method according to the first data set of the client, so that the solution of the first polynomial being 0 is the first data set.
4. A method of determining privacy set intersection, the method comprising:
receiving a public key and an encrypted second element set sent by a client, wherein the second element set is obtained by constructing a first polynomial according to a first data set of the client, forming a first element set by each coefficient of the first polynomial and encrypting each element and a random number of 0 s in the first element set by adopting the public key;
determining a third element set after the server side is encrypted according to the second element set, a second data set of the server side and the public key;
and sending the encrypted third element set to a client, so that the client decrypts each element in the third element set by using a private key to obtain a second data set of the server, and determining the intersection of the first data set and the second data set.
5. The method of claim 4, wherein the determining a server-side encrypted third element set according to the second element set, the server-side second data set, and the public key comprises:
and determining a third element set encrypted by the server by adopting a homomorphic encryption algorithm according to the second element set, the second data set of the server, the public key and the random parameter.
6. The method of claim 5, wherein the determining the encrypted third element set of the server by using a homomorphic encryption algorithm according to the second element set, the second data set of the server, the public key and the random parameter comprises:
determining a fourth element set encrypted by the server side by adopting a homomorphic encryption algorithm according to the second element set, the second data set of the server side, the public key and the random parameter; and selecting a random number of ciphertexts in the cipher text space and adding the ciphertexts into each element in the fourth element set to obtain a third element set.
7. An apparatus for determining a privacy set intersection, the apparatus comprising:
the first determining module is used for constructing a first polynomial according to a first data set of a client, and each term coefficient of the first polynomial forms a first element set;
the encryption module is used for encrypting each element in the first element set and 0 in random number by adopting a public key to obtain an encrypted second element set;
the transmission module is used for sending the public key and the second element set to a server and receiving an encrypted third element set sent by the server, wherein the third element set is determined by the server based on the second element set, a second data set of the server and the public key;
and the second determining module is used for decrypting each element in the third element set by using a private key to obtain a second data set of the server, and determining the intersection of the first data set and the second data set.
8. The apparatus according to claim 7, wherein the encryption module is specifically configured to encrypt each element in the first element set by using a public key to obtain ciphertexts corresponding to each element in the first element set, and encrypt the random number of 0 s by using the public key to obtain the ciphertexts corresponding to the random number of 0 s; and adding the random number of ciphertexts respectively corresponding to the 0 elements into the ciphertexts respectively corresponding to each element in the first element set to obtain an encrypted second element set.
9. The apparatus of claim 7, wherein the first determining module is specifically configured to construct the first polynomial using interpolation according to a first data set of the client, such that a solution of 0 for the first polynomial is the first data set.
10. An apparatus for determining a privacy set intersection, the apparatus comprising:
the system comprises a receiving module, a sending module and a processing module, wherein the receiving module is used for receiving a public key and an encrypted second element set sent by a client, the second element set is obtained by constructing a first polynomial according to a first data set of the client, each element coefficient of the first polynomial forms a first element set, and each element and random number of 0 in the first element set are encrypted by adopting the public key;
a third determining module, configured to determine, according to the second element set, the second data set of the server, and the public key, a third element set after the server is encrypted;
and the sending module is used for sending the encrypted third element set to a client, so that the client decrypts each element in the third element set by using a private key to obtain a second data set of the server, and determines an intersection of the first data set and the second data set.
11. The apparatus of claim 10, wherein the third determining module is specifically configured to determine, according to the second element set, the second data set of the server, the public key, and the random parameter, a third element set after the server is encrypted by using a homomorphic encryption algorithm.
12. The apparatus according to claim 11, wherein the third determining module is specifically configured to determine, according to the second element set, the second data set of the server, the public key, and the random parameter, a fourth element set encrypted by the server by using a homomorphic encryption algorithm; and selecting a random number of ciphertexts in the cipher text space and adding the ciphertexts into each element in the fourth element set to obtain a third element set.
13. An electronic device is characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor and the communication interface are used for realizing mutual communication by the memory through the communication bus;
a memory for storing a computer program;
a processor for implementing the method steps of any one of claims 1 to 6 when executing a program stored in the memory.
14. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, which computer program, when being executed by a processor, carries out the method steps of any one of claims 1-6.
CN202110911496.8A 2021-08-10 2021-08-10 Method, device, electronic equipment and storage medium for determining intersection of privacy sets Active CN113645022B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110911496.8A CN113645022B (en) 2021-08-10 2021-08-10 Method, device, electronic equipment and storage medium for determining intersection of privacy sets

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110911496.8A CN113645022B (en) 2021-08-10 2021-08-10 Method, device, electronic equipment and storage medium for determining intersection of privacy sets

Publications (2)

Publication Number Publication Date
CN113645022A true CN113645022A (en) 2021-11-12
CN113645022B CN113645022B (en) 2024-06-18

Family

ID=78420464

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110911496.8A Active CN113645022B (en) 2021-08-10 2021-08-10 Method, device, electronic equipment and storage medium for determining intersection of privacy sets

Country Status (1)

Country Link
CN (1) CN113645022B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115242464A (en) * 2022-07-01 2022-10-25 浙江网商银行股份有限公司 Service processing method, system, device and equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20120059435A (en) * 2010-11-30 2012-06-08 고려대학교 산학협력단 Set operation method for protecting privacy
US20180367293A1 (en) * 2017-06-15 2018-12-20 Microsoft Technology Licensing, Llc Private set intersection encryption techniques
CN109886029A (en) * 2019-01-28 2019-06-14 湖北工业大学 Secret protection set intersection calculation method and system based on polynomial repressentation
CN110324321A (en) * 2019-06-18 2019-10-11 阿里巴巴集团控股有限公司 Data processing method and device
CN111931207A (en) * 2020-08-07 2020-11-13 北京百度网讯科技有限公司 Method, device and equipment for obtaining privacy set intersection and storage medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20120059435A (en) * 2010-11-30 2012-06-08 고려대학교 산학협력단 Set operation method for protecting privacy
US20180367293A1 (en) * 2017-06-15 2018-12-20 Microsoft Technology Licensing, Llc Private set intersection encryption techniques
CN109886029A (en) * 2019-01-28 2019-06-14 湖北工业大学 Secret protection set intersection calculation method and system based on polynomial repressentation
CN110324321A (en) * 2019-06-18 2019-10-11 阿里巴巴集团控股有限公司 Data processing method and device
CN111931207A (en) * 2020-08-07 2020-11-13 北京百度网讯科技有限公司 Method, device and equipment for obtaining privacy set intersection and storage medium
US20210234689A1 (en) * 2020-08-07 2021-07-29 Beijing Baidu Netcom Science And Technology Co., Ltd. Method and apparatus for obtaining privacy set intersection, device and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115242464A (en) * 2022-07-01 2022-10-25 浙江网商银行股份有限公司 Service processing method, system, device and equipment
CN115242464B (en) * 2022-07-01 2023-10-13 浙江网商银行股份有限公司 Service processing method, system, device and equipment

Also Published As

Publication number Publication date
CN113645022B (en) 2024-06-18

Similar Documents

Publication Publication Date Title
EP3779717B1 (en) Multiparty secure computing method, device, and electronic device
EP3779751B1 (en) Multi-party security computing method and apparatus, and electronic device
US9973334B2 (en) Homomorphically-created symmetric key
KR101829267B1 (en) Homomorphic Encryption Method by Which Ciphertext Size Is Reduced
US20200374100A1 (en) Cryptography device having secure provision of random number sequences
WO2014112548A1 (en) Secure-computation system, computing device, secure-computation method, and program
CN111404952B (en) Transformer substation data encryption transmission method and device, computer equipment and storage medium
CN113051590A (en) Data processing method and related equipment
CN114095170B (en) Data processing method, device, system and computer readable storage medium
CN113904808A (en) Private key distribution and decryption method, device, equipment and medium
CN111555880A (en) Data collision method and device, storage medium and electronic equipment
WO2014030706A1 (en) Encrypted database system, client device and server, method and program for adding encrypted data
CN114124343A (en) Privacy-protecting risk scoring information query method, device, system and equipment
CN113645022B (en) Method, device, electronic equipment and storage medium for determining intersection of privacy sets
CN116170142B (en) Distributed collaborative decryption method, device and storage medium
CN112737783B (en) Decryption method and device based on SM2 elliptic curve
CN110611568B (en) Dynamic encryption and decryption method, device and equipment based on multiple encryption and decryption algorithms
CN111294196B (en) Signal sending and receiving method and device, electronic equipment and storage medium
CN116861477A (en) Data processing method, system, terminal and storage medium based on privacy protection
CN115277064B (en) Data encryption and data decryption methods and devices, electronic equipment and medium
CN106534077A (en) Authenticable agent re-encryption system and method based on symmetric cryptography
CN114257402B (en) Encryption algorithm determining method, device, computer equipment and storage medium
Liu et al. A parallel encryption algorithm for dual-core processor based on chaotic map
CN113381854B (en) Data transmission method, device, equipment and storage medium
CN116881950B (en) Processing method and device of privacy data, electronic equipment and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant