CN113645022B - Method, device, electronic equipment and storage medium for determining intersection of privacy sets - Google Patents

Method, device, electronic equipment and storage medium for determining intersection of privacy sets Download PDF

Info

Publication number
CN113645022B
CN113645022B CN202110911496.8A CN202110911496A CN113645022B CN 113645022 B CN113645022 B CN 113645022B CN 202110911496 A CN202110911496 A CN 202110911496A CN 113645022 B CN113645022 B CN 113645022B
Authority
CN
China
Prior art keywords
server
public key
element set
client
data set
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110911496.8A
Other languages
Chinese (zh)
Other versions
CN113645022A (en
Inventor
张宇
汪宗斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Infosec Technologies Co Ltd
Original Assignee
Beijing Infosec Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Infosec Technologies Co Ltd filed Critical Beijing Infosec Technologies Co Ltd
Priority to CN202110911496.8A priority Critical patent/CN113645022B/en
Publication of CN113645022A publication Critical patent/CN113645022A/en
Application granted granted Critical
Publication of CN113645022B publication Critical patent/CN113645022B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Medical Informatics (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

In the embodiment of the invention, a client constructs a first polynomial according to a first data set, and encrypts each element in the first element set and a random number of 0 after each element in the first element set is formed by each coefficient of the first polynomial to obtain an encrypted second element set. And then the public key and the second element set are sent to the server. The second element set contains the ciphertext corresponding to the random number of 0, and the server cannot infer the number of the client data according to the number of elements in the second element set, so that the privacy protection function on the number of the client data is achieved.

Description

Method, device, electronic equipment and storage medium for determining intersection of privacy sets
Technical Field
The present invention relates to the technical field of determining an intersection of privacy sets, and in particular, to a method and apparatus for determining an intersection of privacy sets, an electronic device, and a storage medium.
Background
The PSI (PRIVATE SET intersection) of the privacy set is to calculate the intersection of the data set provided by the client and the data set provided by the server through a series of underlying cryptography techniques, and data beyond the intersection in the set cannot be revealed, so that the method has wide application in reality scenes such as blacklist sharing, marketing matching and the like. When the intersection of the data sets is solved, firstly, a polynomial is constructed according to the data set of the client, each coefficient of the polynomial forms an element set, the client sends the element set to the server, and the server can determine the data quantity in the data set of the client according to the quantity in the element set. Therefore, the prior art has a problem that the amount of data contained in the client data set is leaked although data other than intersections in the set is not leaked. However, in the scenes such as marketing matching, the data amount contained in the collection needs to be kept secret, and the existing scheme cannot meet the requirement.
Disclosure of Invention
The embodiment of the invention provides a method, a device, electronic equipment and a storage medium for determining a privacy set intersection, which are used for solving the problem that the data quantity contained in a client data set can be revealed in the existing scheme.
The embodiment of the invention provides a method for determining intersection of privacy sets, which comprises the following steps:
Constructing a first polynomial according to a first data set of a client, and forming a first element set by each coefficient of the first polynomial;
encrypting each element in the first element set and a random number of 0 by adopting a public key to obtain an encrypted second element set;
the public key and the second element set are sent to a server, and an encrypted third element set sent by the server is received, wherein the third element set is determined by the server based on the second element set, the second data set of the server and the public key;
And decrypting each element in the third element set by adopting a private key to obtain a second data set of the server, and determining the intersection of the first data set and the second data set.
Further, encrypting each element in the first element set and a random number of 0 by using the public key to obtain an encrypted second element set includes:
Encrypting each element in the first element set by adopting a public key to obtain ciphertext corresponding to each element in the first element set, and encrypting the random number 0 by adopting the public key to obtain ciphertext corresponding to the random number 0; and adding the random numbers of ciphertext corresponding to 0 respectively to ciphertext corresponding to each element in the first element set respectively to obtain an encrypted second element set.
Further, the constructing a first polynomial according to the first data set of the client includes:
And constructing the first polynomial by using an interpolation method according to the first data set of the client, so that a solution of which the first polynomial is 0 is the first data set.
In another aspect, an embodiment of the present invention provides a method for determining an intersection of privacy sets, where the method includes:
Receiving a public key and an encrypted second element set sent by a client, wherein the second element set is obtained by constructing a first polynomial according to a first data set of the client, forming a first element set by each coefficient of the first polynomial, and encrypting each element and random number 0 in the first element set by adopting the public key;
Determining a third element set encrypted by the server according to the second element set, the second data set of the server and the public key;
and sending the encrypted third element set to a client, enabling the client to decrypt each element in the third element set by adopting a private key to obtain a second data set of the server, and determining an intersection of the first data set and the second data set.
Further, the determining the third element set encrypted by the server according to the second element set, the second data set of the server and the public key includes:
And determining a third element set encrypted by the server by adopting a homomorphic encryption algorithm according to the second element set, the second data set of the server, the public key and the random parameter.
Further, the determining, by using a homomorphic encryption algorithm, the third element set encrypted by the server according to the second element set, the second data set of the server, the public key and the random parameter includes:
Determining a fourth element set encrypted by the server by adopting a homomorphic encryption algorithm according to the second element set, the second data set of the server, the public key and the random parameter; and selecting a random number of ciphertexts in a ciphertext space, and adding the random number of ciphertexts to each element in the fourth element set to obtain a third element set.
In another aspect, an embodiment of the present invention provides an apparatus for determining a privacy set intersection, where the apparatus includes:
the first determining module is used for constructing a first polynomial according to a first data set of the client, and each term coefficient of the first polynomial forms a first element set;
The encryption module is used for encrypting each element in the first element set and the random number of 0 by adopting a public key to obtain an encrypted second element set;
The transmission module is used for transmitting the public key and the second element set to a server and receiving an encrypted third element set transmitted by the server, wherein the third element set is determined by the server based on the second element set, the second data set of the server and the public key;
and the second determining module is used for decrypting each element in the third element set by adopting a private key to obtain a second data set of the server side and determining the intersection of the first data set and the second data set.
Further, the encryption module is specifically configured to encrypt each element in the first element set by using a public key to obtain ciphertext corresponding to each element in the first element set, and encrypt the random number 0 by using the public key to obtain ciphertext corresponding to each random number 0; and adding the random numbers of ciphertext corresponding to 0 respectively to ciphertext corresponding to each element in the first element set respectively to obtain an encrypted second element set.
Further, the first determining module is specifically configured to construct the first polynomial by using an interpolation method according to the first data set of the client, so that a solution of the first polynomial being 0 is the first data set.
In another aspect, an embodiment of the present invention provides an apparatus for determining a privacy set intersection, where the apparatus includes:
The receiving module is used for receiving the public key sent by the client and the encrypted second element set, wherein the second element set is obtained by constructing a first polynomial according to a first data set of the client, forming a first element set by each coefficient of the first polynomial, and encrypting each element and random number 0 in the first element set by adopting the public key;
the third determining module is used for determining a third element set encrypted by the server according to the second element set, the second data set of the server and the public key;
And the sending module is used for sending the encrypted third element set to the client, so that the client adopts a private key to decrypt each element in the third element set to obtain a second data set of the server, and the intersection of the first data set and the second data set is determined.
Further, the third determining module is specifically configured to determine, by using a homomorphic encryption algorithm, a third element set encrypted by the server according to the second element set, the second data set of the server, the public key and the random parameter.
Further, the third determining module is specifically configured to determine, according to the second element set, the second data set of the server, the public key, and the random parameter, a fourth element set encrypted by the server by adopting a homomorphic encryption algorithm; and selecting a random number of ciphertexts in a ciphertext space, and adding the random number of ciphertexts to each element in the fourth element set to obtain a third element set.
On the other hand, the embodiment of the invention provides electronic equipment, which comprises a processor, a communication interface, a memory and a communication bus, wherein the processor and the communication interface and the memory are communicated with each other through the communication bus;
A memory for storing a computer program;
A processor for implementing any of the method steps described above when executing a program stored on a memory.
In another aspect, embodiments of the present invention provide a computer-readable storage medium having a computer program stored therein, which when executed by a processor, implements the method steps of any of the above.
The embodiment of the invention provides a method, a device, electronic equipment and a storage medium for determining privacy set intersection, wherein the method comprises the following steps: constructing a first polynomial according to a first data set of a client, and forming a first element set by each coefficient of the first polynomial; encrypting each element in the first element set and a random number of 0 by adopting a public key to obtain an encrypted second element set; the public key and the second element set are sent to a server, and an encrypted third element set sent by the server is received, wherein the third element set is determined by the server based on the second element set, the second data set of the server and the public key; and decrypting each element in the third element set by adopting a private key to obtain a second data set of the server, and determining the intersection of the first data set and the second data set.
The technical scheme has the following advantages or beneficial effects:
In the embodiment of the invention, a client builds a first polynomial according to a first data set, encrypts each element in the first element set and a random number of 0 after each element of the first polynomial is formed into the first element set, and obtains an encrypted second element set. And then the public key and the second element set are sent to the server. The second element set contains the ciphertext corresponding to the random number of 0, and the server cannot infer the number of the client data according to the number of elements in the second element set, so that the privacy protection function on the number of the client data is achieved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of a process for determining intersection of privacy sets according to embodiment 1 of the present invention;
FIG. 2 is a schematic diagram of a process for determining intersections of privacy sets according to embodiment 2 of the present invention;
Fig. 3 is a schematic structural diagram of a device for determining intersection of privacy sets according to embodiment 3 of the present invention;
fig. 4 is a schematic structural diagram of a device for determining intersection of privacy sets according to embodiment 4 of the present invention;
fig. 5 is a schematic structural diagram of an electronic device according to embodiment 5 of the present invention.
Detailed Description
The present invention will be described in further detail below with reference to the attached drawings, wherein it is apparent that the embodiments described are only some, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1:
Fig. 1 is a schematic diagram of a process for determining intersection of privacy sets according to an embodiment of the present invention, where the process includes the following steps:
s101: and constructing a first polynomial according to a first data set of the client, and forming a first element set by each term coefficient of the first polynomial.
S102: and encrypting each element in the first element set and the random number of 0 by adopting a public key to obtain an encrypted second element set.
S103: and sending the public key and the second element set to a server, and receiving an encrypted third element set sent by the server, wherein the third element set is determined by the server based on the second element set, the second data set of the server and the public key.
S104: and decrypting each element in the third element set by adopting a private key to obtain a second data set of the server, and determining the intersection of the first data set and the second data set.
The method for determining the privacy set intersection provided by the embodiment of the invention is applied to the client, and the privacy set intersection is determined, namely, the intersection of the privacy data set of the client and the privacy data set of the server is determined. The data set of the client is called a first data set, and a first polynomial is constructed according to the first data set of the client. The constructing a first polynomial according to the first data set of the client comprises: and constructing the first polynomial by using an interpolation method according to the first data set of the client, so that a solution of which the first polynomial is 0 is the first data set.
After constructing the first polynomial, a first element set is constructed from each coefficient of the first polynomial. And encrypting each element in the first element set and the random number of 0 by adopting the public key to obtain an encrypted second element set. Let the first polynomial constructed be P (y) =a 0x0+a1x1+a2x2. The first element set comprises (a 0, a1, a 2). It can be understood that, in order to ensure that the solution of the first polynomial of 0 is the first data set, the first polynomial may be written as P(y)=a0x0+a1x1+a2x2+0x3+0x4+0x5……., so in the embodiment of the present invention, it is proposed to encrypt each element in the first element set and a random number of 0 by using a public key, to obtain an encrypted second element set. Wherein, a random number of 0's may be added to the first element set, and then each element in the first element set is encrypted by using a public key to obtain a second element set. Or respectively encrypting each element in the first element set by adopting a public key, then encrypting a random number of 0s by adopting the public key, and taking the encrypted ciphertext as the second element set.
In the embodiment of the present invention, encrypting each element and a random number of 0 in the first element set by using a public key to obtain an encrypted second element set includes:
Encrypting each element in the first element set by adopting a public key to obtain ciphertext corresponding to each element in the first element set, and encrypting the random number 0 by adopting the public key to obtain ciphertext corresponding to the random number 0; and adding the random numbers of ciphertext corresponding to 0 respectively to ciphertext corresponding to each element in the first element set respectively to obtain an encrypted second element set.
In the embodiment of the invention, in order to facilitate the determination of the intersection of the privacy sets, a random number of ciphertexts corresponding to 0 respectively may be added to the ciphertexts corresponding to each element in the first element set, so as to obtain the encrypted second element set.
After the client determines the encrypted second element set, the public key and the second element set are sent to the server. The server determines an encrypted third element set based on the second element set, the second data set of the server and the public key, and sends the third element set back to the client. The client decrypts each element in the third element set by adopting a private key corresponding to the public key to obtain a second data set of the server, and then an intersection of the first data set and the second data set is determined.
In the embodiment of the invention, a client builds a first polynomial according to a first data set, encrypts each element in the first element set and a random number of 0 after each element of the first polynomial is formed into the first element set, and obtains an encrypted second element set. And then the public key and the second element set are sent to the server. The second element set contains the ciphertext corresponding to the random number of 0, and the server cannot infer the number of the client data according to the number of elements in the second element set, so that the privacy protection function on the number of the client data is achieved.
Example 2:
fig. 2 is a schematic diagram of a process for determining intersection of privacy sets according to an embodiment of the present invention, where the process includes the following steps:
S201: and receiving a public key and an encrypted second element set sent by the client, wherein the second element set is obtained by constructing a first polynomial according to a first data set of the client, forming a first element set by each coefficient of the first polynomial, and encrypting each element and random number 0 in the first element set by adopting the public key.
S202: and determining a third element set encrypted by the server according to the second element set, the second data set of the server and the public key.
S203: and sending the encrypted third element set to a client, enabling the client to decrypt each element in the third element set by adopting a private key to obtain a second data set of the server, and determining an intersection of the first data set and the second data set.
The method for determining the intersection of the privacy sets, which is provided by the embodiment of the invention, is applied to the server.
The client builds a first polynomial according to a first data set of the client, and each coefficient of the first polynomial forms a first element set; and encrypting each element in the first element set and the random number of 0 by adopting the public key to obtain an encrypted second element set. And sending the second element set and the public key to the server.
The server receives the public key and the encrypted second element set sent by the client, and determines a third element set encrypted by the server according to the second element set, the second data set of the server and the public key. And then sending the encrypted third element set to the client. The client decrypts each element in the third element set by adopting a private key corresponding to the public key to obtain a second data set of the server, and then an intersection of the first data set and the second data set is determined.
In the embodiment of the present invention, the determining, according to the second element set, the second data set of the server side, and the public key, the encrypted third element set of the server side includes:
And determining a third element set encrypted by the server by adopting a homomorphic encryption algorithm according to the second element set, the second data set of the server, the public key and the random parameter.
Specifically, the determining, by using a homomorphic encryption algorithm, the third element set encrypted by the server according to the second element set, the second data set of the server, the public key and the random parameter includes:
Determining a fourth element set encrypted by the server by adopting a homomorphic encryption algorithm according to the second element set, the second data set of the server, the public key and the random parameter; and selecting a random number of ciphertexts in a ciphertext space, and adding the random number of ciphertexts to each element in the fourth element set to obtain a third element set.
In the embodiment of the present invention, after a random number of ciphertexts are selected in the ciphertext space and added to each element in the fourth element set, a third element set is obtained. The client decrypts each element in the third element set by adopting a private key to obtain a second data set of the server, and the obtained second data set contains data of the server and interference item data corresponding to a random number of ciphertext. After a random number of ciphertexts are selected in the ciphertext space and added to each element in the fourth element set, a third element set is obtained, so that the client cannot infer the data quantity of the server, and the privacy protection function on the data quantity contained in the server is achieved. Before the random number of ciphertexts are not added, the second data set of the server does not contain interference item data corresponding to the random number of ciphertexts.
The process of determining the intersection of privacy sets is described in detail below.
A client (C) and a server (S).
The first data set of C is X= { X i|i=1,2…kc,xi∈Zn }, and the second data set of S is
Y={yi|i=1,2…ks,yi∈Zn}。
C, executing the following steps:
(1) A public-private key pair (PK c,SKc) of the homomorphic encryption algorithm Paillier is generated, a private key SK c is stored in a secret mode, and a public key PK c is disclosed to a server side.
(2) Obtaining a first polynomial using interpolationLet the set of solutions of equation P (y) =0 be X.
(3) Performing paillier public key encryption for each element in the first element set { a u|u=0,1…Kc } to obtain a setRandomly selecting an integer K t, and calculating an acquisition setHere it is shown that the random number K t 0 is encrypted with a public key.
(4) After adding all elements in E 2 to all elements in set E 1, set e= { E i|i=0,1,…Kc+Kt } is obtained. And the set E is a second element set, and E is sent to S.
S, executing the following steps:
(1) For all Y E Y, according to the characteristics of the Paillier algorithm, calculate Wherein n is the Paillier algorithm parameter.
(2) Selecting random parameter r, calculating And bringing each data in the second data set of the server into the formula to obtain a set CT 1.
(3) The integer K t' is randomly selected. K t' ciphertext CTs are randomly selected in the ciphertext space of the paillier to form a set CT 2. After adding each element in CT 2 to all elements of CT 1, a third element set CT is acquired. The CT is sent to C.
C, executing the following steps:
(1) For each element CT i in CT, m i=DecSKc(cti) is performed. That is, each element ct i is decrypted by using the private key corresponding to the public key.
(2) The intersection of the output set { m i } and X is the intersection of X and Y.
Because the decrypted set of clients is { mi=rp (yi) +yi }. And the set of solutions for polynomial P (y) =0 is x= { xi }. If a certain element yi in the server input is equal to one element in the set X, then r×p (yi) =0, mi=r×p (yi) +yi=yi, and the result must exist in the set X. Therefore, the client only needs to observe the intersection of the decryption result set and the client input set X, and the intersection of X and Y can be obtained.
Example 3:
Fig. 3 is a schematic structural diagram of a device for determining intersection of privacy sets according to an embodiment of the present invention, where the device includes:
A first determining module 31, configured to construct a first polynomial according to a first data set of a client, where each coefficient of the first polynomial forms a first element set;
an encryption module 32, configured to encrypt each element in the first element set and a random number of 0 with a public key to obtain an encrypted second element set;
A transmission module 33, configured to send the public key and the second element set to a server, and receive an encrypted third element set sent by the server, where the third element set is determined by the server based on the second element set, the second data set of the server, and the public key;
And the second determining module 34 is configured to decrypt each element in the third element set by using a private key, obtain a second data set of the server, and determine an intersection of the first data set and the second data set.
The encryption module 32 is specifically configured to encrypt each element in the first element set by using a public key to obtain ciphertext corresponding to each element in the first element set, and encrypt the random number 0 by using the public key to obtain ciphertext corresponding to each random number 0; and adding the random numbers of ciphertext corresponding to 0 respectively to ciphertext corresponding to each element in the first element set respectively to obtain an encrypted second element set.
The first determining module 31 is specifically configured to construct the first polynomial by using interpolation according to the first data set of the client, so that a solution of the first polynomial being 0 is the first data set.
Example 4:
fig. 4 is a schematic structural diagram of a device for determining intersection of privacy sets according to an embodiment of the present invention, where the device includes:
A receiving module 41, configured to receive a public key and an encrypted second element set sent by a client, where the second element set is obtained by constructing a first polynomial according to a first data set of the client, forming a first element set by each coefficient of the first polynomial, and encrypting each element and a random number of 0 in the first element set by using the public key;
A third determining module 42, configured to determine a third element set encrypted by the server according to the second element set, the second data set of the server, and the public key;
And the sending module 43 is configured to send the encrypted third element set to a client, so that the client decrypts each element in the third element set by using a private key, obtains a second data set of the server, and determines an intersection of the first data set and the second data set.
The third determining module 42 is specifically configured to determine, by using a homomorphic encryption algorithm, a third element set encrypted by the server according to the second element set, the second data set of the server, the public key and the random parameter.
The third determining module 42 is specifically configured to determine, according to the second element set, the second data set of the server, the public key, and the random parameter, a fourth element set encrypted by the server by using a homomorphic encryption algorithm; and selecting a random number of ciphertexts in a ciphertext space, and adding the random number of ciphertexts to each element in the fourth element set to obtain a third element set.
Example 5:
On the basis of the foregoing embodiments, an electronic device is further provided in the embodiments of the present invention, and it should be noted that in the embodiments of the present invention, a client and a server are collectively referred to as an electronic device, as shown in fig. 5, including: processor 301, communication interface 302, memory 303 and communication bus 304, wherein processor 301, communication interface 302, memory 303 complete the communication each other through communication bus 304;
If the electronic device is a client, the memory 303 stores a computer program which, when executed by the processor 301, causes the processor 301 to perform the steps of:
Constructing a first polynomial according to a first data set of a client, and forming a first element set by each coefficient of the first polynomial;
encrypting each element in the first element set and a random number of 0 by adopting a public key to obtain an encrypted second element set;
the public key and the second element set are sent to a server, and an encrypted third element set sent by the server is received, wherein the third element set is determined by the server based on the second element set, the second data set of the server and the public key;
And decrypting each element in the third element set by adopting a private key to obtain a second data set of the server, and determining the intersection of the first data set and the second data set.
Based on the same inventive concept, the embodiment of the invention further provides an electronic device, and because the principle of solving the problem of the electronic device is similar to that of determining the intersection of privacy sets, the implementation of the electronic device can refer to the implementation of the method, and the repetition is omitted.
The electronic device provided by the embodiment of the invention can be a desktop computer, a portable computer, a smart phone, a tablet Personal computer, a Personal digital assistant (Personal DIGITAL ASSISTANT, PDA), a network side device and the like.
The communication bus mentioned above for the electronic device may be a peripheral component interconnect standard (PeripheralComponent Interconnect, PCI) bus or an extended industry standard architecture (Extended IndustryStandard Architecture, EISA) bus, etc. The communication bus may be classified as an address bus, a data bus, a control bus, or the like. For ease of illustration, the figures are shown with only one bold line, but not with only one bus or one type of bus.
The communication interface 302 is used for communication between the electronic device and other devices described above.
The Memory may include random access Memory (Random Access Memory, RAM) or may include Non-Volatile Memory (NVM), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the aforementioned processor.
The processor may be a general-purpose processor, including a central processing unit, a network processor (NetworkProcessor, NP), etc.; but may also be a digital signal processor (DIGITAL SIGNAL Processing unit, DSP), application specific integrated circuit, field programmable gate array or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like.
When a processor executes a program stored in a memory, a first polynomial is constructed according to a first data set of a client, and each coefficient of the first polynomial forms a first element set; encrypting each element in the first element set and a random number of 0 by adopting a public key to obtain an encrypted second element set; the public key and the second element set are sent to a server, and an encrypted third element set sent by the server is received, wherein the third element set is determined by the server based on the second element set, the second data set of the server and the public key; and decrypting each element in the third element set by adopting a private key to obtain a second data set of the server, and determining the intersection of the first data set and the second data set.
In the embodiment of the invention, a client builds a first polynomial according to a first data set, encrypts each element in the first element set and a random number of 0 after each element of the first polynomial is formed into the first element set, and obtains an encrypted second element set. And then the public key and the second element set are sent to the server. The second element set contains the ciphertext corresponding to the random number of 0, and the server cannot infer the number of the client data according to the number of elements in the second element set, so that the privacy protection function on the number of the client data is achieved.
If the electronic device is a server, the memory 303 stores a computer program, which when executed by the processor 301, causes the processor 301 to perform the following steps:
Receiving a public key and an encrypted second element set sent by a client, wherein the second element set is obtained by constructing a first polynomial according to a first data set of the client, forming a first element set by each coefficient of the first polynomial, and encrypting each element and random number 0 in the first element set by adopting the public key;
Determining a third element set encrypted by the server according to the second element set, the second data set of the server and the public key;
and sending the encrypted third element set to a client, enabling the client to decrypt each element in the third element set by adopting a private key to obtain a second data set of the server, and determining an intersection of the first data set and the second data set.
Example 6:
On the basis of the above embodiments, the embodiments of the present invention further provide a computer storage readable storage medium, in which a computer program executable by an electronic device is stored, and if the electronic device is a client, when the program runs on the electronic device, the program causes the electronic device to implement the following steps when executed:
Constructing a first polynomial according to a first data set of a client, and forming a first element set by each coefficient of the first polynomial;
encrypting each element in the first element set and a random number of 0 by adopting a public key to obtain an encrypted second element set;
the public key and the second element set are sent to a server, and an encrypted third element set sent by the server is received, wherein the third element set is determined by the server based on the second element set, the second data set of the server and the public key;
And decrypting each element in the third element set by adopting a private key to obtain a second data set of the server, and determining the intersection of the first data set and the second data set.
If the electronic device is a client, when the program runs on the electronic device, the electronic device is caused to execute the following steps:
Receiving a public key and an encrypted second element set sent by a client, wherein the second element set is obtained by constructing a first polynomial according to a first data set of the client, forming a first element set by each coefficient of the first polynomial, and encrypting each element and random number 0 in the first element set by adopting the public key;
Determining a third element set encrypted by the server according to the second element set, the second data set of the server and the public key;
and sending the encrypted third element set to a client, enabling the client to decrypt each element in the third element set by adopting a private key to obtain a second data set of the server, and determining an intersection of the first data set and the second data set.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (14)

1. A method of determining an intersection of privacy sets, the method comprising:
Constructing a first polynomial according to a first data set of a client, and forming a first element set by each coefficient of the first polynomial;
encrypting each element in the first element set and a random number of 0 by adopting a public key to obtain an encrypted second element set;
the public key and the second element set are sent to a server, and an encrypted third element set sent by the server is received, wherein the third element set is determined by the server based on the second element set, the second data set of the server and the public key;
Decrypting each element in the third element set by adopting a private key to obtain a second data set of the server, and determining an intersection of the first data set and the second data set;
The first data set of the client is X= { X i|i=1,2…kc,xi∈Zn }, and the second data set of the server is Y= { Y i|i=1,2…ks,yi∈Zn };
The client generates a public-private key pair (PK c,SKc) of a homomorphic encryption algorithm Paillier, secretly stores a private key SK c, and discloses a public key PK c to the server; obtaining a first polynomial using interpolation Let the set of solutions of equation P (y) =0 be X; for each element in the first element set { a u|u=0,1…Kc }, performing paillier public key encryption to obtain set/>Randomly selecting an integer K t, and calculating an acquisition setRepresenting encrypting the random number K t 0 with the public key; after adding all elements in E 2 to all elements in a set E 1, acquiring a second element set E= { E i|i=0,1,…Kc+Kt }, and sending E to a server;
The server calculates the Y E Y according to the characteristics of the Paillier algorithm Wherein n is the Paillier algorithm parameter; selecting random parameter r, calculatingBringing each data in the second data set of the server into the formula to obtain a set CT 1; randomly selecting an integer K t ', and randomly selecting K t' ciphertext CTs in a ciphertext space of the paillier to form a set CT 2; adding each element in the CT 2 to all elements of the CT 1, acquiring a third element set CT, and sending the CT to a client;
The client executes m i=DecSKc(cti) for each element CT i in the CT, decrypts each element CT i by adopting a private key corresponding to the public key, and outputs an intersection of the set { m i } and X as an intersection of X and Y;
Firstly adding a random number of 0s into a first element set, and encrypting each element in the first element set by adopting the public key to obtain a second element set; or respectively encrypting each element in the first element set by adopting a public key, then encrypting the random number 0 by adopting the public key, and taking the encrypted ciphertext as the second element set.
2. The method of claim 1, wherein encrypting each element in the first set of elements and a random number of 0 s using a public key to obtain an encrypted second set of elements comprises:
Encrypting each element in the first element set by adopting a public key to obtain ciphertext corresponding to each element in the first element set, and encrypting the random number 0 by adopting the public key to obtain ciphertext corresponding to the random number 0; and adding the random numbers of ciphertext corresponding to 0 respectively to ciphertext corresponding to each element in the first element set respectively to obtain an encrypted second element set.
3. The method of claim 1, wherein constructing a first polynomial from the first data set of the client comprises:
And constructing the first polynomial by using an interpolation method according to the first data set of the client, so that a solution of which the first polynomial is 0 is the first data set.
4. A method of determining an intersection of privacy sets, the method comprising:
Receiving a public key and an encrypted second element set sent by a client, wherein the second element set is obtained by constructing a first polynomial according to a first data set of the client, forming a first element set by each coefficient of the first polynomial, and encrypting each element and random number 0 in the first element set by adopting the public key;
Determining a third element set encrypted by the server according to the second element set, the second data set of the server and the public key;
The encrypted third element set is sent to a client, so that the client decrypts each element in the third element set by adopting a private key to obtain a second data set of the server, and an intersection of the first data set and the second data set is determined;
The first data set of the client is X= { X i|i=1,2…kc,xi∈Zn }, and the second data set of the server is Y= { Y i|i=1,2…ks,yi∈Zn };
The client generates a public-private key pair (PK c,SKc) of a homomorphic encryption algorithm Paillier, secretly stores a private key SK c, and discloses a public key PK c to the server; obtaining a first polynomial using interpolation Let the set of solutions of equation P (y) =0 be X; for each element in the first element set { a u|u=0,1…Kc }, performing paillier public key encryption to obtain set/>Randomly selecting an integer K t, and calculating an acquisition setRepresenting encrypting the random number K t 0 with the public key; after adding all elements in E 2 to all elements in a set E 1, acquiring a second element set E= { E i|i=0,1,…Kc+Kt }, and sending E to a server;
The server calculates the Y E Y according to the characteristics of the Paillier algorithm Wherein n is the Paillier algorithm parameter; selecting random parameter r, calculatingBringing each data in the second data set of the server into the formula to obtain a set CT 1; randomly selecting an integer K t ', and randomly selecting K t' ciphertext CTs in a ciphertext space of the paillier to form a set CT 2; adding each element in the CT 2 to all elements of the CT 1, acquiring a third element set CT, and sending the CT to a client;
The client executes m i=DecSKc(cti) for each element CT i in the CT, decrypts each element CT i by adopting a private key corresponding to the public key, and outputs an intersection of the set { m i } and X as an intersection of X and Y;
Firstly adding a random number of 0s into a first element set, and encrypting each element in the first element set by adopting the public key to obtain a second element set; or respectively encrypting each element in the first element set by adopting a public key, then encrypting the random number 0 by adopting the public key, and taking the encrypted ciphertext as the second element set.
5. The method of claim 4, wherein the determining a server-side encrypted third element set from the second element set, the server-side second data set, and the public key comprises:
And determining a third element set encrypted by the server by adopting a homomorphic encryption algorithm according to the second element set, the second data set of the server, the public key and the random parameter.
6. The method of claim 5, wherein the determining the server-side encrypted third element set using a homomorphic encryption algorithm based on the second element set, the server-side second data set, the public key, and the random parameter comprises:
Determining a fourth element set encrypted by the server by adopting a homomorphic encryption algorithm according to the second element set, the second data set of the server, the public key and the random parameter; and selecting a random number of ciphertexts in a ciphertext space, and adding the random number of ciphertexts to each element in the fourth element set to obtain a third element set.
7. An apparatus for determining a privacy set intersection, the apparatus comprising:
the first determining module is used for constructing a first polynomial according to a first data set of the client, and each term coefficient of the first polynomial forms a first element set;
The encryption module is used for encrypting each element in the first element set and the random number of 0 by adopting a public key to obtain an encrypted second element set;
The transmission module is used for transmitting the public key and the second element set to a server and receiving an encrypted third element set transmitted by the server, wherein the third element set is determined by the server based on the second element set, the second data set of the server and the public key;
the second determining module is used for decrypting each element in the third element set by adopting a private key to obtain a second data set of the server side, and determining an intersection of the first data set and the second data set;
The first data set of the client is X= { X i|i=1,2…kc,xi∈Zn }, and the second data set of the server is Y= { Y i|i=1,2…ks,yi∈Zn };
The client generates a public-private key pair (PK c,SKc) of a homomorphic encryption algorithm Paillier, secretly stores a private key SK c, and discloses a public key PK c to the server; obtaining a first polynomial using interpolation Let the set of solutions of equation P (y) =0 be X; for each element in the first element set { a u|u=0,1…Kc }, performing paillier public key encryption to obtain set/>Randomly selecting an integer K t, and calculating an acquisition setRepresenting encrypting the random number K t 0 with the public key; after adding all elements in E 2 to all elements in a set E 1, acquiring a second element set E= { E i|i=0,1,…Kc+Kt }, and sending E to a server;
The server calculates the Y E Y according to the characteristics of the Paillier algorithm Wherein n is the Paillier algorithm parameter; selecting random parameter r, calculatingBringing each data in the second data set of the server into the formula to obtain a set CT 1; randomly selecting an integer K t ', and randomly selecting K t' ciphertext CTs in a ciphertext space of the paillier to form a set CT 2; adding each element in the CT 2 to all elements of the CT 1, acquiring a third element set CT, and sending the CT to a client;
The client executes m i=DecSKc(cti) for each element CT i in the CT, decrypts each element CT i by adopting a private key corresponding to the public key, and outputs an intersection of the set { m i } and X as an intersection of X and Y;
Firstly adding a random number of 0s into a first element set, and encrypting each element in the first element set by adopting the public key to obtain a second element set; or respectively encrypting each element in the first element set by adopting a public key, then encrypting the random number 0 by adopting the public key, and taking the encrypted ciphertext as the second element set.
8. The apparatus of claim 7, wherein the encryption module is specifically configured to encrypt each element in the first element set with a public key to obtain ciphertext corresponding to each element in the first element set, and encrypt the random number of 0 with the public key to obtain ciphertext corresponding to each random number of 0; and adding the random numbers of ciphertext corresponding to 0 respectively to ciphertext corresponding to each element in the first element set respectively to obtain an encrypted second element set.
9. The apparatus of claim 7, wherein the first determining module is specifically configured to construct the first polynomial using interpolation from the first data set of the client such that a solution of the first polynomial being 0 is the first data set.
10. An apparatus for determining a privacy set intersection, the apparatus comprising:
The receiving module is used for receiving the public key sent by the client and the encrypted second element set, wherein the second element set is obtained by constructing a first polynomial according to a first data set of the client, forming a first element set by each coefficient of the first polynomial, and encrypting each element and random number 0 in the first element set by adopting the public key;
the third determining module is used for determining a third element set encrypted by the server according to the second element set, the second data set of the server and the public key;
The sending module is used for sending the encrypted third element set to the client, so that the client decrypts each element in the third element set by adopting a private key to obtain a second data set of the server, and an intersection of the first data set and the second data set is determined;
The first data set of the client is X= { X i|i=1,2…kc,xi∈Zn }, and the second data set of the server is Y= { Y i|i=1,2…ks,yi∈Zn };
The client generates a public-private key pair (PK c,SKc) of a homomorphic encryption algorithm Paillier, secretly stores a private key SK c, and discloses a public key PK c to the server; obtaining a first polynomial using interpolation Let the set of solutions of equation P (y) =0 be X; for each element in the first element set { a u|u=0,1…Kc }, performing paillier public key encryption to obtain set/>Randomly selecting an integer K t, and calculating an acquisition setRepresenting encrypting the random number K t 0 with the public key; after adding all elements in E 2 to all elements in a set E 1, acquiring a second element set E= { E i|i=0,1,…Kc+Kt }, and sending E to a server;
The server calculates the Y E Y according to the characteristics of the Paillier algorithm Wherein n is the Paillier algorithm parameter; selecting random parameter r, calculatingBringing each data in the second data set of the server into the formula to obtain a set CT 1; randomly selecting an integer K t ', and randomly selecting K t' ciphertext CTs in a ciphertext space of the paillier to form a set CT 2; adding each element in the CT 2 to all elements of the CT 1, acquiring a third element set CT, and sending the CT to a client;
The client executes m i=DecSKc(cti) for each element CT i in the CT, decrypts each element CT i by adopting a private key corresponding to the public key, and outputs an intersection of the set { m i } and X as an intersection of X and Y;
Firstly adding a random number of 0s into a first element set, and encrypting each element in the first element set by adopting the public key to obtain a second element set; or respectively encrypting each element in the first element set by adopting a public key, then encrypting the random number 0 by adopting the public key, and taking the encrypted ciphertext as the second element set.
11. The apparatus of claim 10, wherein the third determining module is specifically configured to determine the third element set encrypted by the server by using a homomorphic encryption algorithm according to the second element set, the second data set of the server, the public key and the random parameter.
12. The apparatus of claim 11, wherein the third determining module is specifically configured to determine a fourth element set encrypted by the server by using a homomorphic encryption algorithm according to the second element set, the second data set of the server, the public key and the random parameter; and selecting a random number of ciphertexts in a ciphertext space, and adding the random number of ciphertexts to each element in the fourth element set to obtain a third element set.
13. The electronic equipment is characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus;
A memory for storing a computer program;
a processor for implementing the method steps of any one of claims 1-6 when executing a program stored on a memory.
14. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored therein a computer program which, when executed by a processor, implements the method steps of any of claims 1-6.
CN202110911496.8A 2021-08-10 2021-08-10 Method, device, electronic equipment and storage medium for determining intersection of privacy sets Active CN113645022B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110911496.8A CN113645022B (en) 2021-08-10 2021-08-10 Method, device, electronic equipment and storage medium for determining intersection of privacy sets

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110911496.8A CN113645022B (en) 2021-08-10 2021-08-10 Method, device, electronic equipment and storage medium for determining intersection of privacy sets

Publications (2)

Publication Number Publication Date
CN113645022A CN113645022A (en) 2021-11-12
CN113645022B true CN113645022B (en) 2024-06-18

Family

ID=78420464

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110911496.8A Active CN113645022B (en) 2021-08-10 2021-08-10 Method, device, electronic equipment and storage medium for determining intersection of privacy sets

Country Status (1)

Country Link
CN (1) CN113645022B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115242464B (en) * 2022-07-01 2023-10-13 浙江网商银行股份有限公司 Service processing method, system, device and equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110324321A (en) * 2019-06-18 2019-10-11 阿里巴巴集团控股有限公司 Data processing method and device
CN111931207A (en) * 2020-08-07 2020-11-13 北京百度网讯科技有限公司 Method, device and equipment for obtaining privacy set intersection and storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101260673B1 (en) * 2010-11-30 2013-05-10 고려대학교 산학협력단 Set operation method for protecting privacy
US10608811B2 (en) * 2017-06-15 2020-03-31 Microsoft Technology Licensing, Llc Private set intersection encryption techniques
CN109886029B (en) * 2019-01-28 2020-09-22 湖北工业大学 Polynomial expression based privacy protection set intersection calculation method and system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110324321A (en) * 2019-06-18 2019-10-11 阿里巴巴集团控股有限公司 Data processing method and device
CN111931207A (en) * 2020-08-07 2020-11-13 北京百度网讯科技有限公司 Method, device and equipment for obtaining privacy set intersection and storage medium

Also Published As

Publication number Publication date
CN113645022A (en) 2021-11-12

Similar Documents

Publication Publication Date Title
EP3779717B1 (en) Multiparty secure computing method, device, and electronic device
EP3779751A1 (en) Multi-party security computing method and apparatus, and electronic device
US9973334B2 (en) Homomorphically-created symmetric key
US10374797B2 (en) Public-key encryption system
KR101829267B1 (en) Homomorphic Encryption Method by Which Ciphertext Size Is Reduced
CN106134128B (en) Use the system and method for the faster public key encryption in associated private key part
US20170272244A1 (en) Public-key encryption system
KR101615137B1 (en) Data access method based on attributed
CN107454975B (en) Encryption system and key generation device
CN111555880B (en) Data collision method and device, storage medium and electronic equipment
CN113051590A (en) Data processing method and related equipment
EP3490189A1 (en) Communication terminal, server device, and program
CN114095170B (en) Data processing method, device, system and computer readable storage medium
CN113904808A (en) Private key distribution and decryption method, device, equipment and medium
CN113098680A (en) Non-transitory computer readable medium, decryption device, and communication system
WO2014030706A1 (en) Encrypted database system, client device and server, method and program for adding encrypted data
KR20230148200A (en) Data processing methods, devices and electronic devices, and storage media for multi-source data
CN113645022B (en) Method, device, electronic equipment and storage medium for determining intersection of privacy sets
US9473471B2 (en) Method, apparatus and system for performing proxy transformation
CN116170142B (en) Distributed collaborative decryption method, device and storage medium
CN112737783B (en) Decryption method and device based on SM2 elliptic curve
KR101695361B1 (en) Terminology encryption method using paring calculation and secret key
WO2019239776A1 (en) Decrypting device, encrypting device, and encryption system
CN115277064B (en) Data encryption and data decryption methods and devices, electronic equipment and medium
CN114257402B (en) Encryption algorithm determining method, device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant