CN114301609A - Inadvertent transmission method, multi-party secure computing platform and device for inadvertent transmission - Google Patents

Inadvertent transmission method, multi-party secure computing platform and device for inadvertent transmission Download PDF

Info

Publication number
CN114301609A
CN114301609A CN202210191130.2A CN202210191130A CN114301609A CN 114301609 A CN114301609 A CN 114301609A CN 202210191130 A CN202210191130 A CN 202210191130A CN 114301609 A CN114301609 A CN 114301609A
Authority
CN
China
Prior art keywords
public key
message
jth
temporary public
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210191130.2A
Other languages
Chinese (zh)
Other versions
CN114301609B (en
Inventor
王天雨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huakong Tsingjiao Information Technology Beijing Co Ltd
Original Assignee
Huakong Tsingjiao Information Technology Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huakong Tsingjiao Information Technology Beijing Co Ltd filed Critical Huakong Tsingjiao Information Technology Beijing Co Ltd
Priority to CN202210191130.2A priority Critical patent/CN114301609B/en
Publication of CN114301609A publication Critical patent/CN114301609A/en
Application granted granted Critical
Publication of CN114301609B publication Critical patent/CN114301609B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The embodiment of the invention provides an accidental transmission method, a multi-party secure computing platform and a device for the accidental transmission. The method comprises the following steps: the sender is based on n message groups, the receiver is based on n indexes and verification subset J, both sides execute the 2-to-1 oblivious transmission protocol for n times, and when executing the jth time, if J belongs to the verification subset, the receiver verifies the transmission data of the jth time; wherein, one message group comprises two messages to be selected, n is more than 1, J ⊂ [ n ]; and when the execution of the 2-out-of-2 inadvertent transmission protocol is finished for n times, if the verification result of the verification subset meets the preset condition, the receiving party obtains the credible inadvertent transmission result. The embodiment of the invention ensures that the careless transmission protocol can be correctly executed under the malicious participant model, and can improve the safety of the careless transmission protocol.

Description

Inadvertent transmission method, multi-party secure computing platform and device for inadvertent transmission
Technical Field
The invention relates to the technical field of computers, in particular to an accidental transmission method, a multi-party secure computing platform and a device for the accidental transmission.
Background
The Oblivious Transfer (OT) is a basic protocol for multi-party secure computing, and is a two-party protocol, specifically an interaction protocol between a Receiver (Receiver) and a Sender (Sender). The OT protocol can ensure the security of data between the receiving party and the sending party, and thus is widely applied to various fields.
One problem that needs to be solved by an inadvertent transport protocol can be described as follows: sender a has a secret m0And m1The receiver B has an index a, and the sender A and the receiver B execute an oblivious transmission protocol so that the receiver can obtain the secret m corresponding to the index aa(if a =0, secret m is obtained0(ii) a If a =1, secret m is obtained1) And the sender a does not know which secret the receiver B obtained in the above process.
Patent application No. 202110912825.0 discloses a two-party privacy aggregation union computation method involving a sender and a receiver performing an n-times oblivious transfer protocol.
Disclosure of Invention
The embodiment of the invention provides an inadvertent transmission method and device and an inadvertent transmission device, which can enable an inadvertent transmission protocol to be correctly executed under a malicious participant model and can improve the safety of the inadvertent transmission protocol.
In a first aspect, an embodiment of the present invention discloses an inadvertent transmission method, which is applied to a multi-party secure computing platform, where the multi-party secure computing platform includes a sender and a receiver, and the method includes:
the sender is based on n message groups, the receiver is based on n indexes and verification subset J, both sides execute the 2-to-1 oblivious transmission protocol for n times, and when executing the jth time, if J belongs to the verification subset, the receiver verifies the transmission data of the jth time; wherein, one message group comprises two messages to be selected, n is more than 1, J ⊂ [ n ], and [ n ] is a set formed by integers from 0 to n-1;
and when the execution of the 2-out-of-2 inadvertent transmission protocol is finished for n times, if the verification result of the verification subset meets the preset condition, the receiving party obtains the credible inadvertent transmission result.
In a second aspect, an embodiment of the present invention discloses an inadvertent transmission method, which is applied to a receiver in a multi-party secure computing platform, where the multi-party secure computing platform further includes a sender, and the method includes:
based on n indexes and a verification subset J, executing an n-time 2-to-1 oblivious transmission protocol with a sender, and when executing the jth time, if J belongs to the verification subset, verifying the jth transmission data by the receiver; wherein, the sender holds n message groups, one message group comprises two messages to be selected, n is more than 1, J ⊂ [ n ], and [ n ] is a set formed by integers from 0 to n-1;
and when the execution of the 2-out-of-2 inadvertent transmission protocol is finished for n times, if the verification result of the verification subset meets the preset condition, the receiving party obtains the credible inadvertent transmission result.
In a third aspect, the embodiment of the invention discloses a multi-party security computing platform, which comprises a sender and a receiver, wherein the sender is based on n message groups, the receiver is based on n indexes and a verification subset J, and the two parties execute an inadvertent transmission protocol of selecting 2 from 1 n times; wherein, one message group comprises two messages to be selected, n is more than 1, J ⊂ [ n ], and [ n ] is a set formed by integers from 0 to n-1;
the receiver comprises a data verification module, and is used for verifying the j-th transmission data if j belongs to the verification subset when j is executed for the j-th time;
the receiver further comprises a data acquisition module, configured to obtain a trusted result of the inadvertent transmission if it is determined that the verification result of the verification subset meets a preset condition when the n-time execution of the 2-to-1 inadvertent transmission protocol is completed.
In a fourth aspect, embodiments of the present invention disclose a device for inadvertent transmissions, comprising a memory, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs comprising instructions for performing one or more of the aforementioned methods of inadvertent transmissions.
In a fifth aspect, embodiments of the invention disclose a machine-readable medium having instructions stored thereon, which when executed by one or more processors of an apparatus, cause the apparatus to perform one or more of the aforementioned methods of inadvertent transmission.
The embodiment of the invention has the following advantages:
the method for the inadvertent transmission provided by the embodiment of the invention adds the verification subset on the receiver on the basis of the 2-to-1 inadvertent transmission protocol. The method comprises the steps that a sender and a receiver execute a 2-to-1 inadvertent transmission protocol for multiple times, a part is randomly selected to be verified in the process of executing the protocol for multiple times so as to verify whether a participant violates the protocol, and if the verification result of a verification subset meets a preset condition, the receiver obtains a credible inadvertent transmission result. By the embodiment of the invention, the careless transmission protocol can be correctly executed under a malicious participant model, and the safety of the careless transmission protocol can be improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive labor.
FIG. 1 is a flow chart of the steps of one embodiment of an inadvertent transmission method of the present invention;
FIG. 2 is a flow diagram illustrating a process by which two parties execute a jth 2-out-of-1 oblivious transfer protocol in one example of the present invention;
FIG. 3 is a flow chart of steps in another embodiment of a method of inadvertent transmission of the present invention;
FIG. 4 is a block diagram of an embodiment of a multi-party secure computing platform of the present invention
FIG. 5 is a block diagram of an apparatus 800 for inadvertent transmission of the present invention;
fig. 6 is a schematic diagram of a server in some embodiments of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms first, second and the like in the description and in the claims of the present invention are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that embodiments of the invention may be practiced other than those illustrated or described herein, and that the objects identified as "first," "second," etc. are generally a class of objects and do not limit the number of objects, e.g., a first object may be one or more. Furthermore, the term "and/or" in the specification and claims is used to describe an association relationship of associated objects, meaning that three relationships may exist, e.g., a and/or B, may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. The term "plurality" in the embodiments of the present invention means two or more, and other terms are similar thereto.
Method embodiment
Referring to FIG. 1, a flow diagram illustrating the steps of one embodiment of an inadvertent transfer method of the present invention is shown, the method being applicable to a multi-party secure computing platform, the multi-party secure computing platform including a sender and a receiver, the method comprising the steps of:
step 101, the sender is based on n message groups, the receiver is based on n indexes and a verification subset J, both sides execute the 2-to-1 oblivious transmission protocol for n times, and when executing the jth time, if J belongs to the verification subset, the receiver verifies the transmission data of the jth time; wherein, one message group comprises two messages to be selected, n is more than 1, J ⊂ [ n ], and [ n ] is a set formed by integers from 0 to n-1;
and 102, when the execution of the 2-out-of-2 inadvertent transmission protocol is finished for n times, if the verification result of the verification subset meets a preset condition, the receiving party obtains a credible inadvertent transmission result.
The Oblivious Transfer method of the embodiment of the invention can realize an Oblivious Transfer (OT) protocol based on a multi-party security computing platform. The OT protocol is a cryptographic protocol and is widely applied to the fields of multi-party security computing and the like.
The method for the oblivious transmission of the embodiment of the invention can be applied to any one of a 1-out-of-2 (1 in 2) oblivious transmission protocol, a 1-out-of-n (1 in n) oblivious transmission protocol, a k-out-of-n (k in n) oblivious transmission protocol and the like.
The problem addressed by the 1-out-of-2 (1 out of 2) oblivious transport protocol can be described as follows: suppose that the participants include Alice, which is the sender, and Bob, which is the receiver. Alice (sender) holds two messages m to be selected0And m1Bob (receiver) holds the index a, and a takes the value of 0 or 1. Both Alice and Bob execute a 2-to-1 oblivious transmission protocol, so that Bob can only obtain the message m corresponding to the index aa(if a =0, get the message m0(ii) a If a =1, the message m is obtained1) Bob has no knowledge of the other messages, and Alice does not know which message Bob has obtained.
The problem addressed by the 1-out-of-n (1 out of n) oblivious transport protocol can be described as follows: suppose that the participants include Alice, which is the sender, and Bob, which is the receiver. Alice (sender) holds n messages m to be selected0、m1、m2、…、mn-1Bob (receiver) holds index a, and the value of a can be any one of 0-n-1. Both Alice and Bob execute the n-to-1 oblivious transmission protocol, so that Bob can only obtain the message m corresponding to the index aaBob has no knowledge of the other messages, and Alice does not know which message Bob has obtained.
The problem solved by the k-out-of-n (k out of n) oblivious transport protocol can be described as follows: suppose that the participants include Alice, which is the sender, and Bob, which is the receiver. Alice (send)Party) holds n messages m to be selected0、m1、m2、…、mn-1Bob (receiver) holds k indices a0~ak-1,a0~ak-1The value of each of the above-mentioned groups may be any one of 0 to n-1. Both Alice and Bob execute an n-to-k oblivious transfer protocol so that Bob can only obtain the index a0~ak-1Corresponding message ma0~mak-1Bob has no knowledge of the other messages, and Alice does not know which messages Bob has obtained.
The 2-to-1 oblivious transmission protocol, the n-to-1 oblivious transmission protocol and the n-to-k oblivious transmission protocol are one of basic components of multi-party secure computation, and can be applied to application scenarios such as a garbled circuit, preprocessing data generation, oblivious polynomial computation and the like.
It should be noted that, in the embodiment of the present invention, Alice and Bob are used to identify two peer communication entities. The communication entities Alice and Bob correspond to a sender and a receiver respectively, and the positions and the sequence of the two can be interchanged.
There are two security models in multi-party security computing: a semi-honest participant model and a malicious participant model. The semi-honest participant model means that a participant executes according to a flow specified by a protocol when the protocol is executed, but a malicious attacker may monitor and acquire own input and output in the protocol execution process and information obtained in the protocol operation process. The malicious participant model is: when the protocol is executed, an attacker can analyze the privacy information of honest participants by illegal input or malicious tampering input and the like by the participants under the control of the attacker, and can also cause the termination of the protocol by early termination, refusal of participation and the like.
The embodiment of the invention adopts the thought of cut-and-choose (bidirectional and unintentional transmission) to verify the transmission data of the verification subset, so that the OT protocol can be correctly executed under a malicious party model. The idea of cut-and-choose is as follows: the protocol is repeatedly executed for a plurality of times, and a part is randomly selected from the protocol executed for complete decryption, thereby verifying that the participant does not violate the protocol.
In the embodiment of the invention, a sender holds n message groups, wherein n is larger than 1, and each message group comprises two messages to be selected. For example, the sender holds the following n message groups: (m00,m10)、(m01,m11)、…、(m0n-1,m1n-1). The 0 th message group contains a message m0 to be selected0And m10The 1 st message group contains the message m0 to be selected1,m11And so on, the n-1 message group contains the message m0 to be selectedn-1And m1n-1
The receiver holds the following n indices: a is0、a1、…、an-1。a0To an-1Any one of which takes the value 0 or 1. The sender is based on n message groups held, the receiver is based on n indexes held and the verification subset J, and both sides execute the 2-out-of-1 oblivious transmission protocol n times. Wherein, when the 0 th 2-to-1 inadvertent transmission protocol is finished, the receiver can only obtain the 0 th index a0In the 0 th message group (m 0)0,m10) Of (a) a corresponding target message0When =0, the target message m0 is acquired0;a0When =1, get target message m10) The recipient has no knowledge of other messages and the sender does not know which message the recipient has selected. When the 1 st 2-to-1 inadvertent transmission protocol is finished, the receiver can only obtain the 1 st index a1In the 1 st message group (m 0)1,m11) Of (a) a corresponding target message1When =0, the target message m0 is acquired1;a1When =1, get target message m11) There is no knowledge of the other messages and the sender does not know which message the recipient selected. And so on, until the two parties finish the (n-1) th 2-to-1) th inadvertent transmission protocol, the receiver obtains the (n-1) th index an-1In the n-1 th message group (m 0)n-1,m1n-1) Of (a) a corresponding target messagen-1When =0, the target message m0 is acquiredn-1;an-1When =1, get target message m1n-1) And no knowledge of other messages, and the sender is not aware of receptionThe party selects which message.
It should be noted that, in the embodiments of the present invention, the counting is started from 0, and of course, in a specific implementation, the present invention is not limited to this, and the counting may be started from any number.
The verification subset J comprises the number of the message group, and when the jth 2-to-1 inadvertent transmission protocol is executed, if J hits the number in the verification subset J, the transmission data of the jth time is verified. J ⊂ [ n ], where [ n ] is a set of integers from 0 to n-1, e.g., {0,1,2, …, n-1 }. J can contain any number of values from 0 to n-1, and the values in the verification subset can be randomly selected by a receiver. Exemplarily, assuming n =10, the verification subset J = {1,3,5,6,7}, the sender and the receiver perform 10 times of 2-out-of-1 oblivious transmission protocol for 0 th, 1 st, …, 9 th, and during the execution, the receiver verifies the transmission data of the 1 st, 3 rd, 5 th, 6 th, and 7 th times of 2-out-of-1 oblivious transmission protocol to verify whether the sender violates the protocol.
And the receiver decrypts and verifies the transmission data of the jth message group belonging to the verification subset, and if the verification result of the verification subset meets a preset condition, the transmission data corresponding to the randomly selected verification subset is credible, and the transmission data of the part of the messages not belonging to the verification subset is also credible. The portion of data that does not participate in the authentication is trusted and confidential, and therefore, may participate in subsequent applications.
In an optional embodiment of the present invention, the verifying that the verification result of the verification subset satisfies a preset condition may include: and when j belongs to the verification subset, the target message selected from the jth message group and the non-target message not selected from the jth message group which are calculated by the receiver are correct.
And for the jth careless transmission protocol of 1-out-of-2, j takes a value of 0-n-1, and if j belongs to the verification subset, the receiver verifies the jth transmission data. And judging whether the target message selected from the jth message group and the non-target message not selected from the jth message group calculated by the receiver are both correct or not when the jth 2-to-1 inadvertent transmission protocol is finished. If all the messages are correct, the transmission process of j message groups which are randomly verified is credible, and the transmission process of the part of the message groups which are not verified can also be considered credible.
It should be noted that, the verification method is not limited in the embodiment of the present invention. Optionally, it is verified whether the target message selected from the jth message group and the non-target message not selected from the jth message group are both correct, and the target message and the non-target message may be submitted to an upper layer protocol for verification. The inadvertent transmission protocol of the malicious participant model only needs to ensure that the messages belonging to the verification subset can be completely decrypted by the receiver and handed to the upper layer protocol.
Illustratively, when the inadvertent transmission protocol according to the embodiment of the present invention is applied to the garbled circuit, the receiver decrypts the message belonging to the verification subset, that is, obtains all the input and output labels of the garbled circuit, and then can decrypt all the input and output correspondences of the garbled circuit using the input and output labels, so as to verify whether the target message selected from the jth message group and the non-target message not selected from the jth message group are both correct, thereby verifying the correctness of the garbled circuit generation process and verifying whether the process of the sender executing the garbled circuit protocol is correct.
In an optional embodiment of the present invention, the two parties performing the jth time in the 2-out-of-1 oblivious transmission protocol n times includes the following steps:
step S11, the receiver calculates a first parameter based on the locally generated random number, the base point G of the SM2 algorithm and whether j belongs to the verification subset, and sends the first parameter to the sender;
step S12, the sender calculates a public key and a private key based on the locally generated random number and the first parameter, encrypts the message in the jth message group based on a preset key generation function and the private key to obtain a ciphertext of the jth message group, and sends the ciphertext of the jth message group and the public key as second parameters to the receiver;
step S13, the receiving side calculates a target message selected from the jth message group based on the jth index, the key generation function, and the second parameter, and calculates a non-target message not selected from the jth message group to verify the non-target message when j belongs to the verification subset.
SM2 is an elliptic curve public key cryptographic algorithm issued by the national cryptology authority. G is a base point of the elliptic curve. In the course of performing the jth 1-out-of-2 inadvertent transmission protocol, the receiver calculates a first parameter based on the locally generated random number, the base point G of the SM2 algorithm, and whether j belongs to the authentication subset. The first parameter is used for generating a public key and a private key of a jth 2-to-1 oblivious transmission protocol, and a sender can encrypt messages in a jth message group held by the sender by using the private key to generate a ciphertext of the messages. And the sender sends the ciphertext of the jth message group and the public key as second parameters to the receiver. The receiver can decrypt the target message (the message corresponding to the jth index) of the jth 2-to-1 inadvertent transmission protocol by using the second parameter based on the jth index, and knows nothing about other messages. The key generation function may be used to generate a key. For example, the Key generation function may be KDF (Key derivation function). The embodiment of the invention does not limit the specific key generation function.
Elliptic Curve Cryptography (ECC) is a public key system based on an Elliptic curve algorithm defined over a finite field. The SM2 algorithm is a specific algorithm of the ECC cryptosystem. An elliptic curve public key cryptographic algorithm is specified in the standard of the national standard GB/T32918 information security technology SM2 elliptic curve public key cryptographic algorithm, and an encryption algorithm and a decryption algorithm based on SM2 conform to the specification of the standard. The embodiment of the invention realizes the OT protocol by using the SM2 algorithm, and combines the multi-party security calculation with the domestic cryptographic algorithm, so that the multi-party security calculation is more in line with the national standard. In addition, compared with the common RSA encryption algorithm, the SM2 algorithm has higher security and computational efficiency.
The method for transmitting the data unintentionally provided by the embodiment of the invention encrypts (covers) the message of the sender and the index of the receiver based on the SM2 algorithm and the random number, so that the participator cannot obtain the information needing to be kept secret in the OT definition based on the information in the protocol operation, and a basis is provided for the OT protocol to be correctly executed under a malicious participator model.
In an alternative embodiment of the present invention, the receiving side calculates the first parameter based on the locally generated random number, the base point G of the SM2 algorithm, and whether j belongs to the verification subset, and may include:
step S21, the receiving party orders the first temporary public key g0= G, generate the first random number R _ R1, and obtain the second temporary public key G based on the dot product calculation of the first random number R _ R1 and the base point G1
Step S22, the receiving party generates a first random number group R _ R2, a dot product calculation and a dot addition calculation based on the first random number group R _ R2 and the base point G, and a second temporary public key G1Whether the j belongs to the verification subset or not, and calculating to obtain a third temporary public key hj0And a fourth temporary public key hj1
Step S23, the receiving party generates a second random array R _ R3, a dot product calculation and a dot addition calculation based on the second random array R _ R3 and a base point G, a jth index and a first temporary public key G0A second temporary public key g1The third temporary public key hj0Fourth temporary public key hj1Calculating to obtain a fifth temporary public key gj' and sixth temporary public key hj’;
Step S24, the receiving party sends the second temporary public key g1The third temporary public key hj0Fourth temporary public key hj1The fifth temporary public key gj', and a sixth temporary public key hj' as a first parameter.
When both the sender and the receiver execute the jth 2-to-1 inadvertent transmission protocol, it is assumed that the jth message group held by the sender contains the first message m0jAnd a second message m1jThe jth index held by the receiver is aj.
It should be noted that, in the embodiment of the present invention, it is assumed that the receiver holds the following n indexes: a is0、a1、a2、…、an-1Wherein the jth index can be represented as aj or aj
The receiving party orders the first temporary public key g0=G,g0May be a well-known parameter known to both the sender and the receiver. The receiving party generates a first random number R _ R1, and a second temporary public key G is obtained based on the dot product calculation of the first random number R _ R1 and the base point G1E.g. g1=[R_r1]G. Wherein, the [ alpha ], [ beta ] -a]Representing a point doubling operation on an elliptic curve. For example, [ R _ R1]G denotes the point R _ R1 times the point G on the elliptic curve. The receiving side generates a first random number group R _ R2 containing n random numbers, a dot product calculation and a dot addition calculation based on the first random number group R _ R2 and a base point G, and a second temporary public key G1Whether the j belongs to the verification subset or not, and calculating to obtain a third temporary public key hj0And a fourth temporary public key hj1. Further, when j belongs to the verification subset, the third temporary public key hj0=[R_r2[j]]G, fourth temporary public key hj1=g1+[R_r2[j]]G; when j does not belong to the verification subset, the third temporary public key hj0=[R_r2[j]]G, fourth temporary public key hj1=g1+[R_r2[j]+1]G. The receiving side generates a second random number group R _ R3 containing n random numbers, a dot product calculation and a dot addition calculation based on the second random number group R _ R3 and a base point G, a jth index and a first temporary public key G0A second temporary public key g1The third temporary public key hj0Fourth temporary public key hj1Calculating to obtain a fifth temporary public key gj' and sixth temporary public key hj'; e.g. fifth temporary public key gj’=(gaj)+[R_r3[j]]G; sixth temporary public key hj’=(haj)+[R_r3[j]]G. Wherein, when aj =0, gaj =g0,haj=h0(ii) a When aj =1, gaj =g1,haj=h1
The receiving party sends the second temporary public key g1The third temporary public key hj0Fourth temporary public key hj1The fifth temporary public key gj', and a sixth temporary public key hj' is sent as a first parameter to the sender.
The first random number group R _ R2 and the second random number group R _ R3 may respectively include n random numbers. It should be noted that, in the embodiment of the present invention, a manner of generating the random number is not limited, and the above-mentioned R _ R1, R _ R2, and R _ R3 are only indicated as a symbol, and are not used to limit a specific numerical value of the random number.
In an optional embodiment of the present invention, after the receiving side calculates the first parameter based on the locally generated random number, the base point G of the SM2 algorithm, and whether j belongs to the verification subset, the method may further include:
step S31, the receiver performs zero knowledge proof on the first parameter and sends the related information of the zero knowledge proof to the sender;
and step S32, the sender verifies the related information of the zero-knowledge proof, and if the verification fails, the protocol is aborted.
In the embodiment of the invention, the receiver sets the first temporary public key g0= G, calculating a second temporary public key G1And calculating a third temporary public key h according to whether j belongs to the verification subsetj0And a fourth temporary public key hj1Calculating a fifth temporary public key g based on whether the jth index belongs to the verification subsetj' and sixth temporary public key hj’。
The receiving party will g1、hj0、hj1、gj’ 、hj', and zero knowledge proof, to the sender. The sender verifies the related information of the zero knowledge proof, and calculates a second parameter based on the first parameter sent by the receiver after the verification is passed.
The embodiment of the present invention does not limit the verification method of zero knowledge proof. Illustratively, the zero-knowledge proof of the first parameter comprises: proving a preset ratio of hj0And hj1The predetermined difference relation corresponding to j is satisfied. E.g., h of certificate 1/2j0And hj1The difference is g1+1 and additionally h of 1/2j0And hj1The difference is g1
In an optional embodiment of the present invention, the calculating, by the sender, a public key and a private key based on a locally generated random number and the first parameter, and encrypting, based on a preset key generation function and the private key, a message in a jth message group to obtain a ciphertext of the jth message group may include:
step S41, the sender generates a third random array, and obtains a first public key u based on the dot product calculation and the dot addition calculation of the random number in the third random array and the parameter in the first parameterj0A first private key vj0A second public key uj1And a second private key vj1
Step S42, the sender bases on the first private key vj0Generating a first key by a preset key generation function, and encrypting the first message in the jth message group by using the first key to obtain a ciphertext e of the first messagej0And based on a second private key vj1Generating a second key by a key generation function, and encrypting a second message in the jth message group by using the second key to obtain a ciphertext e of the second messagej1
When both the sender and the receiver execute the jth 2-to-1 inadvertent transmission protocol, it is assumed that the jth message group held by the sender contains the first message m0jAnd a second message m1jThe jth index held by the receiver is aj.
After the sender receives the first parameter sent by the receiver, the sender generates a third random array, and obtains a first public key u based on the point multiplication calculation and the point addition calculation of the random number in the third random array and the parameter in the first parameterj0A first private key vj0A second public key uj1And a second private key vj1
Illustratively, the third random number group generated by the sender includes the following random numbers: sj0、sj1、tj0、tj1. First public key uj0=[sj0]*g0+[tj0]*hj0(ii) a First private key vj0=[sj0]*gj’+[tj0]*hj'; second public key uj1=[sj1]*g1+[tj1]*hj1(ii) a Second private key vj1=[sj1]*gj’+[tj1]*hj’。
The sender is based on the first private key vj0And a predetermined key generation function, such as KDF, for generating a first key, using the first key to generate a first message (e.g., message m 0)j) Encrypting to obtain a ciphertext e of the first messagej0E.g. ej0=KDF(vj0)⊕m0j(ii) a Wherein ≧ indicates that both are subjected to an exclusive or operation one by one bit. The sender is based on the second private key vj1And the KDF generating a second key, using the second key to encrypt a second message (e.g. message m 1)j) Encrypting to obtain a ciphertext e of the second messagej1E.g. ej1= KDF(vj1)⊕m1j
The sender sends the ciphertext of the first message, the ciphertext of the second message and the first public key uj0And a second public key uj1And sending the second parameter to the receiving party.
The receiver calculates the slave message m0 based on the held index, the key generation function, and the second parameterjAnd message m1jAssuming that the target message is obtained and is marked as mjaj
In an alternative embodiment of the invention, the jth message group contains the message m0jAnd m1jThe target message mj selected from the jth message group can be calculated byaj:mjaj=KDF(ujaj-[R_r3]*G)⊕ejaj(ii) a Where aj denotes the jth index held by the receiver. When aj =0, ujaj = uj0,ejaj = ej0,mjaj = m0j(ii) a When aj =1, ujaj = uj1,ejaj = ej1,mjaj = m1j
It should be noted that when j does not belong to the verification subset, the message corresponding to the jth index is selected for decryption, and if aj =0, m0 is selectedjDecrypting to obtain a transmission result (target message); if aj =1, m1 is selectedjDecrypting to obtain transmission result(target message). And when j belongs to the verification subset, two messages in the jth message group can be obtained through decryption for verification.
In an alternative embodiment of the invention, the jth message group contains the message m0jAnd m1jThe non-target message mj not selected from the jth message group can be calculated by1-aj:mj1-aj=KDF(ujaj-[R_r3]*G-[R_r1]*G)⊕ej1-aj(ii) a Where aj denotes the jth index held by the receiver. When aj =0, ujaj = uj0,ejaj = ej0,mj1-aj = m1j(ii) a When aj =1, ujaj = uj1,ejaj = ej1,mj1-aj = m0j
The sender sends the ciphertext e of the first messagej0Ciphertext e of the second messagej1(ii) a First public key uj0And a second public key uj1And sending the data to a receiving party. Index a when the receiver executes the 2-out-of-1 inadvertent transmission protocol based on the jth timej(the embodiment of the invention is denoted as aj in calculation) and a second parameter received from a sender decrypts the corresponding ciphertext to obtain a result mj of the inadvertent transmission of the 1-out-of-2 in the jth time1-aj. Further, the receiver also computes the non-target message mj when j belongs to the verification subset1-ajTo verify whether the transmission result of the non-target message is correct.
For mj1-ajThe receiver can decrypt the target message mjajDecryption is performed in the same manner. E.g. calculating vj1-ajThe encryption key is then computed from a key generation function (KDF) to obtain mj using the encryption key for decryption1-aj. For j not belonging to the verification subset, the receiver cannot calculate vj1-ajAnd then mj cannot be calculated1-aj
By the embodiment of the invention, for j belonging to the verification subset, the receiver can obtain two keys corresponding to two message ciphertexts in the jth message group, so that two plaintexts of the two message ciphertexts are obtained by decryption, and whether the result of the careless transmission is correct (whether the result is correctly output according to the index) can be verified. If the result is erroneous, the inadvertent transfer protocol is aborted and the resulting transfer result is not trusted.
Referring to fig. 2, a flowchart illustrating a process of two parties executing a jth 2-to-1 oblivious transmission protocol in an example of the embodiment of the present invention is shown. The sender holds the following n message groups: (m00,m10)、(m01,m11)、…、(m0n-1,m1n-1). The receiver holds the following n indices: a is0、a1、a2、…、an-1The recipient also holds a verification subset J ⊂ [ n ]]. As shown in fig. 2, the interaction process between the two parties is as follows:
step 0, receiving order g0= G; generating a first random number R _ R1, and obtaining g based on the point multiplication calculation on the SM2 standard elliptic curve1=[R_r1]*G。
Step 1, the receiver generates a first random number group R _ R2 containing n random numbers.
Step 2, the receiver calculates based on the point multiplication and the point addition on the SM2 standard elliptic curve:
step 2.1. if J belongs to J, h is calculatedj0=[R_r2[j]]G,hj1=g1+[R_r2[j]]G;
Step 2.2. if J ∉ J, calculate hj0=[R_r2[j]]G,hj1=g1+[R_r2[j]+1]G;
And 3, the receiving party generates a second random number group R _ R3 containing n random numbers.
Step 4, the receiver aims at the index a0、a1、a2、…、an-1Calculating based on the point multiplication and the point addition on the SM2 standard elliptic curve: gj’=(gaj)+[R_r3[j]]G,hj’=(hj)+[R_r3[j]]G. The receiving party will g1,hj0,hj1ZKProoof related information, gj’,hj' to the sender.
Step 5, the sender generates a third random array comprising a random number sj0、sj1、tj0、tj1
Step 6, the sender calculates based on the point multiplication and the point addition on the SM2 standard elliptic curve:
uj0=[sj0]*g0+[tj0]*hj0,vj0=[sj0]*gj’+[tj0]*hj’;
uj1=[sj1]*g1+[tj0]*hj1,vj1=[sj1]*gj’+[tj1]*hj’。
step 7, the sending party orders KDF to be a key generation function and calculates ej0=KDF(vj0)⊕m0j,ej1=KDF(vj1)⊕m1j. The sender will ej0、ej1;uj0、uj1And sending the data to a receiving party.
Step 8, the receiver calculates the target message mjaj=KDF(ujaj-[R_r3]*G) ⊕ejaj
Step 9, for J epsilon J, the receiver further calculates the non-target message mj1-aj=KDF(ujaj-[R_r3]*G-[R_r1]*G) ⊕ej1-aj
The n-out-of-1 oblivious transport protocol and the n-out-of-k oblivious transport protocol are similar to the implementation process of the 2-out-of-1 oblivious transport protocol. On the basis of realizing the 2-to-1 oblivious transmission protocol, an n-to-1 oblivious transmission protocol and an n-to-k oblivious transmission protocol can be realized.
In an optional embodiment of the present invention, in a scenario where the protocol is inadvertently transmitted by n-out-of-1, the sender holds the following n messages: m is0、m1、m2、…、mn-1The receiver holds the selection bit a, the value range of a is 0-n-1, namely the value of a can be any integer from 0-n-1, and n is more than 1. The sender sends the following n messages according to the holding: m is0,m1, m2,… mn-1The following n message groups are set: [0, m ]0]、[0, m1]、[0, m2]、…、[0, ma0]、…、[0, mn-1]. The receiver sets the following n indexes according to the held selection bit a: 0. 0, …,1, …, 0.Wherein, the value of the a-th index is 1, and the values of the rest indexes are 0. Based on n message groups held by the sender and n indexes held by the receiver, the two parties execute the aforementioned n-time 2-to-1 oblivious transmission protocol. The receiving side obtains the result m of the OT protocol transmission of n-1-out when the OT protocol execution of the a-time 2-1-out is completeda. The n-out-of-1 oblivious transport protocol may be executed correctly under the malicious participant model.
In an optional embodiment of the present invention, in a scenario where n selects k to transport the protocol unintentionally, the sender sends the following n messages: m is0,m1, m2,… mn-1The receiver holds a selection bit a0~ak-1,a0~ak-1Any one of which has a value range of 0 to n-1. The sender sets the following n message groups according to the n messages: [0, m ]0]、[0, m1]、[0, m2]、…、[0, ma0]、…、[0, mn-1]. The receiving side selects a bit according to the held0~ak-1The following n indices are set: 0. 1, 0, …,1, 0, …,1, …, 0. Wherein, the first0~ak-1The value of one index is 1 and the values of the remaining indices are 0. Based on n message groups held by the sender and n indexes held by the receiver, the two parties execute the above mentioned n times of 2-to-1 inadvertent transmission protocol. The receiving party is at the a0~ak-1Obtaining a result m of an n-to-1 OT protocol transmission upon completion of the execution of the 2-to-1 OT protocola0~mak-1. The n-out-of-k oblivious transport protocol may be executed correctly under the malicious participant model.
In addition, a is0~ak-1The indexes may be continuous indexes or discontinuous indexes, and the above example is only one application example of the present invention and should not be taken as a limitation of implementing the OT protocol of n-k selection according to the present invention.
In summary, the oblivious transmission method provided by the embodiment of the invention adds the verification subset to the receiver on the basis of the 2-to-1 oblivious transmission protocol. The method comprises the steps that a sender and a receiver execute a 2-to-1 inadvertent transmission protocol for multiple times, a part is randomly selected to be verified in the process of executing the protocol for multiple times so as to verify whether a participant violates the protocol, and if the verification result of a verification subset meets a preset condition, the receiver obtains a credible inadvertent transmission result. By the embodiment of the invention, the careless transmission protocol can be correctly executed under a malicious participant model, and the safety of the careless transmission protocol can be improved.
Referring to FIG. 3, a flow diagram illustrating steps of another embodiment of an inadvertent transmission method of the present invention is shown, the method being applicable to a recipient in a multi-party secure computing platform that also includes a sender, and the method may include:
step 301, based on n indexes and verification subset J, executing an n-time 2-to-1 oblivious transmission protocol with a sender, and when executing the jth time, if J belongs to the verification subset, verifying the jth transmission data by the receiver; wherein, the sender holds n message groups, one message group comprises two messages to be selected, n is more than 1, J ⊂ [ n ], and [ n ] is a set formed by integers from 0 to n-1;
step 302, when the execution of the n-time 2-to-1 oblivious transmission protocol is completed, if the verification result of the verification subset meets the preset condition, the receiving party obtains the credible oblivious transmission result.
Optionally, the nth time of the 2-to-1 oblivious transmission protocol includes the following steps:
calculating a first parameter based on a locally generated random number, a base point G of an SM2 algorithm and whether j belongs to a verification subset, and sending the first parameter to a sender;
receiving a second parameter from a sender, wherein the sender calculates a public key and a private key based on a locally generated random number and the first parameter, and encrypts a message in a jth message group based on a preset key generation function and the private key to obtain a ciphertext of the jth message group, and the second parameter comprises the ciphertext of the jth message group and the public key;
computing a target message selected from the jth message group based on the jth index, the key generation function, and the second parameter, and computing non-target messages not selected from the jth message group to validate the non-target messages when j belongs to the validation subset.
Optionally, after calculating the first parameter based on the locally generated random number, the base point G of the SM2 algorithm, and whether j belongs to the verification subset, the method further comprises:
and carrying out zero knowledge proof on the first parameter, and sending related information of the zero knowledge proof to a sender.
Optionally, the calculating a first parameter based on the locally generated random number, the base point G of the SM2 algorithm, and whether j belongs to the verification subset includes:
let the first temporary public key g0= G, generate the first random number R _ R1, and obtain the second temporary public key G based on the dot product calculation of the first random number R _ R1 and the base point G1
Generating a first random number R _ R2, calculating dot product and dot addition based on the first random number R _ R2 and the base point G, and a second temporary public key G1Whether the j belongs to the verification subset or not, and calculating to obtain a third temporary public key hj0And a fourth temporary public key hj1
Generating a second random number R _ R3, calculating dot product and dot addition based on the second random number R _ R3 and the base point G, and the jth index, the first temporary public key G0A second temporary public key g1The third temporary public key hj0Fourth temporary public key hj1Calculating to obtain a fifth temporary public key gj' and sixth temporary public key hj’;
The second temporary public key g1The third temporary public key hj0Fourth temporary public key hj1The fifth temporary public key gj', and a sixth temporary public key hj' as a first parameter.
Optionally, the jth message group includes a first message m0jAnd a second message m1jThe jth index is aj, wherein,
second temporary public key g1=[R_r1]*G;
j belongs toWhen verifying the subset, the third temporary public key hj0=[R_r2[j]]G, fourth temporary public key hj1=g1+[R_r2[j]]*G;
j does not belong to the verification subset, the third temporary public key hj0=[R_r2[j]]G, fourth temporary public key hj1=g1+[R_r2[j]+1]*G;
Fifth temporary public key gj’=(gaj)+[R_r3[j]]G; wherein, when aj =0, gaj =g0(ii) a When aj =1, gaj =g1
Sixth temporary public key hj’=(haj)+[R_r3[j]]G; wherein, when aj =0, haj=h0(ii) a When aj =1, haj=h1
Optionally, the jth message group contains the message m0jAnd m1jKDF is a key generation function, and a target message mj selected from the jth message group is calculated by the following formulaaj
mjaj=KDF(ujaj-[R_r3]*G)⊕ejaj(ii) a Wherein, uj is equal to or greater than 0aj = uj0,ejaj = ej0,mjaj = m0j(ii) a When aj =1, ujaj = uj1,ejaj = ej1,mjaj = m1j
Calculating the non-target message mj not selected from the jth message group by1-aj
mj1-aj=KDF(ujaj-[R_r3]*G-[R_r1]*G)⊕ej1-aj(ii) a Wherein, uj is equal to or greater than 0aj = uj0,ejaj = ej0,mj1-aj = m1j(ii) a When aj =1, ujaj = uj1,ejaj = ej1,mj1-aj = m0j
Optionally, the verification result of the verification subset satisfies a preset condition, including:
and when j belongs to the verification subset, the target message selected from the jth message group and the non-target message not selected from the jth message group which are calculated by the receiver are correct.
The method for the inadvertent transmission of the embodiment of the invention can be suitable for 1-out-of-2 (1-out-of-2), 1-out-of-n (1-out-of-n), k-out-of-n (k-out-of-n) and the like, can ensure that the inadvertent transmission protocol can be correctly executed under a malicious participant model, and can improve the safety of the inadvertent transmission protocol.
The steps executed by the sender in the inadvertent transmission method shown in fig. 3 are specifically described in the embodiment shown in fig. 1, and are not described herein again, and reference may be made to the specific processes in the foregoing embodiments.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Referring to fig. 4, a block diagram of a multi-party secure computing platform according to an embodiment of the present invention is shown, where the multi-party secure computing platform may execute an oblivious transfer protocol, the multi-party secure computing platform includes a sender 401 and a receiver 402, where the sender 401 is based on n message groups held, the receiver 402 is based on n indexes and verification subsets J held, and both sides execute an oblivious transfer protocol of 2-out-of-1 n times; wherein, one message group comprises two messages to be selected, n is more than 1, J ⊂ [ n ], and [ n ] is a set formed by integers from 0 to n-1;
the receiver 402 includes a data verification module 4021, configured to verify the jth transmission data if j belongs to the verification subset when the jth transmission is executed;
the receiver 402 further includes a data obtaining module 4022, configured to obtain a trusted result of the inadvertent transmission if it is determined that the verification result of the verification subset meets a preset condition when the execution of the 2-out-of-2 inadvertent transmission protocol is completed n times.
Optionally, the receiving side further includes a first parameter calculating module, configured to calculate a first parameter based on the locally generated random number, the base point G of the SM2 algorithm, and whether j belongs to the verification subset, and send the first parameter to the sending side;
the sender also comprises a second parameter calculation module which is used for calculating a public key and a private key based on the locally generated random number and the first parameter, encrypting the message in the jth message group based on a preset key generation function and the private key to obtain the ciphertext of the jth message group, and sending the ciphertext of the jth message group and the public key as second parameters to the receiver;
the data verification module is specifically configured to calculate a target message selected from a jth message group based on the jth index, the key generation function, and the second parameter, and when j belongs to a verification subset, calculate a non-target message not selected from the jth message group, and verify the non-target message.
Optionally, the receiving party further includes a proving module, configured to perform zero knowledge proving on the first parameter, and send related information of the zero knowledge proving to the sending party;
the sender also comprises an information verification module used for verifying the related information of the zero knowledge proof, and if the verification is not passed, the protocol is stopped.
Optionally, the first parameter calculating module includes:
a first calculation submodule for making the first temporary public key g0= G, generate the first random number R _ R1, and obtain the second temporary public key G based on the dot product calculation of the first random number R _ R1 and the base point G1
A second calculation submodule for generating a first random array R _ R2, a dot product calculation and a dot addition calculation based on the first random array R _ R2 and the base point G, and a second temporary public key G1Whether the j belongs to the verification subset or not, and calculating to obtain a third temporary public key hj0And a fourth temporary public key hj1
A third computing submodule for generating a second random array R _ R3 based on the second random array R _ RThe dot product and dot addition of the random array R _ R3 and the base point G, and the jth index and the first temporary public key G0A second temporary public key g1The third temporary public key hj0Fourth temporary public key hj1Calculating to obtain a fifth temporary public key gj' and sixth temporary public key hj’;
A first parameter determination submodule for determining the second temporary public key g1The third temporary public key hj0Fourth temporary public key hj1The fifth temporary public key gj', and a sixth temporary public key hj' as a first parameter;
the second parameter calculation module includes:
a public key calculation submodule for generating a third random array, and obtaining a first public key u based on the dot product calculation and the dot addition calculation of the random number in the third random array and the parameter in the first parameterj0A first private key vj0A second public key uj1And a second private key vj1
A data encryption submodule for encrypting data based on a first private key vj0Generating a first key by a preset key generation function, and encrypting the first message in the jth message group by using the first key to obtain a ciphertext e of the first messagej0And based on a second private key vj1Generating a second key by a key generation function, and encrypting a second message in the jth message group by using the second key to obtain a ciphertext e of the second messagej1
Optionally, the jth message group includes a first message m0jAnd a second message m1jThe jth index is aj, wherein,
second temporary public key g1=[R_r1]*G;
j belongs to the verification subset, the third temporary public key hj0=[R_r2[j]]G, fourth temporary public key hj1=g1+[R_r2[j]]*G;
j does not belong to the verification subset, the third temporary public key hj0=[R_r2[j]]G, fourth temporary public key hj1=g1+[R_r2[j]+1]*G;
Fifth temporaryPublic key gj’=(gaj)+[R_r3[j]]G; wherein, when aj =0, gaj =g0(ii) a When aj =1, gaj =g1
Sixth temporary public key hj’=(haj)+[R_r3[j]]G; wherein, when aj =0, haj=h0(ii) a When aj =1, haj=h1
The third random number group includes the following random numbers: sj0、sj1、tj0、tj1
First public key uj0=[sj0]*g0+[tj0]*hj0
First private key vj0=[sj0]*gj’+[tj0]*hj’;
Second public key uj1=[sj1]*g1+[tj1]*hj1
Second private key vj1=[sj1]*gj’+[tj1]*hj’;
Ciphertext e of the first messagej0=KDF(vj0)⊕m0jKDF is a key generation function;
ciphertext e of the second messagej1= KDF(vj1)⊕m1j
Optionally, the jth message group contains the message m0jAnd m1jCalculating a target message mj selected from the jth message group by the following equationaj
mjaj=KDF(ujaj-[R_r3]*G)⊕ejaj(ii) a Wherein, uj is equal to or greater than 0aj = uj0,ejaj = ej0,mjaj = m0j(ii) a When aj =1, ujaj = uj1,ejaj = ej1,mjaj = m1j
Calculating the non-target message mj not selected from the jth message group by1-aj
mj1-aj=KDF(ujaj-[R_r3]*G-[R_r1]*G)⊕ej1-aj(ii) a Wherein, uj is equal to or greater than 0aj = uj0,ejaj = ej0,mj1-aj = m1j(ii) a When aj =1, ujaj = uj1,ejaj = ej1,mj1-aj = m0j
Optionally, the verification result of the verification subset satisfies a preset condition, including:
and when j belongs to the verification subset, the target message selected from the jth message group and the non-target message not selected from the jth message group which are calculated by the receiver are correct.
The method for the inadvertent transmission provided by the embodiment of the invention adds the verification subset on the receiver on the basis of the 2-to-1 inadvertent transmission protocol. The method comprises the steps that a sender and a receiver execute a 2-to-1 inadvertent transmission protocol for multiple times, a part is randomly selected to be verified in the process of executing the protocol for multiple times so as to verify whether a participant violates the protocol, and if the verification result of a verification subset meets a preset condition, the receiver obtains a credible inadvertent transmission result. By the embodiment of the invention, the careless transmission protocol can be correctly executed under a malicious participant model, and the safety of the careless transmission protocol can be improved.
For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
An embodiment of the present invention provides a device for inadvertent transmission comprising a memory, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs comprising instructions for performing one or more of the aforementioned methods of inadvertent transmission.
Fig. 5 is a block diagram illustrating an apparatus 800 for inadvertent transmission, according to an example embodiment. For example, the apparatus 800 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, an exercise device, a personal digital assistant, and the like.
Referring to fig. 5, the apparatus 800 may include one or more of the following components: processing component 802, memory 804, power component 806, multimedia component 808, audio component 810, input/output (I/O) interface 812, sensor component 814, and communication component 816.
The processing component 802 generally controls overall operation of the device 800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing elements 802 may include one or more processors 820 to execute instructions to perform all or a portion of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interaction between the processing component 802 and other components. For example, the processing component 802 can include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.
The memory 804 is configured to store various types of data to support operation at the device 800. Examples of such data include instructions for any application or method operating on device 800, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 804 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
Power components 806 provide power to the various components of device 800. The power components 806 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the apparatus 800.
The multimedia component 808 includes a screen that provides an output interface between the device 800 and a user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front facing camera and/or a rear facing camera. The front-facing camera and/or the rear-facing camera may receive external multimedia data when the device 800 is in an operating mode, such as a shooting mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.
The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the apparatus 800 is in an operational mode, such as a call mode, a recording mode, and a voice information processing mode. The received audio signals may further be stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 also includes a speaker for outputting audio signals.
The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.
The sensor assembly 814 includes one or more sensors for providing various aspects of state assessment for the device 800. For example, the sensor assembly 814 may detect the open/closed state of the device 800, the relative positioning of components, such as a display and keypad of the apparatus 800, the sensor assembly 814 may also search for a change in the position of the apparatus 800 or a component of the apparatus 800, the presence or absence of user contact with the apparatus 800, orientation or acceleration/deceleration of the apparatus 800, and a change in the temperature of the apparatus 800. Sensor assembly 814 may include a proximity sensor configured to detect the presence of a nearby object without any physical contact. The sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 816 is configured to facilitate communications between the apparatus 800 and other devices in a wired or wireless manner. The device 800 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 816 receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 816 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on radio frequency information processing (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the apparatus 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.
In an exemplary embodiment, a non-transitory computer-readable storage medium comprising instructions, such as the memory 804 comprising instructions, executable by the processor 820 of the device 800 to perform the above-described method is also provided. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
Fig. 6 is a schematic diagram of a server in some embodiments of the invention. The server 1900 may vary widely by configuration or performance and may include one or more Central Processing Units (CPUs) 1922 (e.g., one or more processors) and memory 1932, one or more storage media 1930 (e.g., one or more mass storage devices) storing applications 1942 or data 1944. Memory 1932 and storage medium 1930 can be, among other things, transient or persistent storage. The program stored in the storage medium 1930 may include one or more modules (not shown), each of which may include a series of instructions operating on a server. Still further, a central processor 1922 may be provided in communication with the storage medium 1930 to execute a series of instruction operations in the storage medium 1930 on the server 1900.
The server 1900 may also include one or more power supplies 1926, one or more wired or wireless network interfaces 1950, one or more input-output interfaces 1958, one or more keyboards 1956, and/or one or more operating systems 1941, such as Windows Server, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM, etc.
A non-transitory computer readable storage medium in which instructions, when executed by a processor of an apparatus (server or terminal), enable the apparatus to perform the inadvertent transmission method shown in fig. 1 or 3.
A non-transitory computer-readable storage medium, wherein instructions in the storage medium, when executed by a processor of a device (server or terminal), enable the device to perform the description of the inadvertent transmission method in the embodiment corresponding to fig. 1 or fig. 3, and therefore, the description thereof will not be repeated herein. In addition, the beneficial effects of the same method are not described in detail. For technical details not disclosed in the embodiments of the computer program product or the computer program referred to in the present application, reference is made to the description of the embodiments of the method of the present application.
Further, it should be noted that: embodiments of the present application also provide a computer program product or computer program, which may include computer instructions, which may be stored in a computer-readable storage medium. The processor of the computer device reads the computer instruction from the computer-readable storage medium, and the processor can execute the computer instruction, so that the computer device executes the description of the inadvertent transmission method in the embodiment corresponding to fig. 1, which is described above, and therefore, the description thereof will not be repeated here. In addition, the beneficial effects of the same method are not described in detail. For technical details not disclosed in the embodiments of the computer program product or the computer program referred to in the present application, reference is made to the description of the embodiments of the method of the present application.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This invention is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
The present invention provides an inadvertent transmission method, a multi-party secure computing platform and an apparatus for the inadvertent transmission, which are introduced in detail above, and specific examples are applied herein to illustrate the principles and embodiments of the present invention, and the above description of the embodiments is only used to help understanding the method and the core ideas of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (23)

1. An oblivious transfer method, applied to a multi-party secure computing platform including a sender and a receiver, the method comprising:
the sender is based on n message groups, the receiver is based on n indexes and verification subset J, both sides execute the 2-to-1 oblivious transmission protocol for n times, and when executing the jth time, if J belongs to the verification subset, the receiver verifies the transmission data of the jth time; wherein, one message group comprises two messages to be selected, n is more than 1, J ⊂ [ n ], and [ n ] is a set formed by integers from 0 to n-1;
and when the execution of the 2-out-of-2 inadvertent transmission protocol is finished for n times, if the verification result of the verification subset meets the preset condition, the receiving party obtains the credible inadvertent transmission result.
2. The method of claim 1, wherein the two parties perform the jth of the n times 2-out-of-1 oblivious transfer protocol comprises the steps of:
the receiving party calculates a first parameter based on a locally generated random number, a base point G of an SM2 algorithm and whether j belongs to a verification subset, and sends the first parameter to the sending party;
the sender calculates a public key and a private key based on a locally generated random number and the first parameter, encrypts the message in the jth message group based on a preset key generation function and the private key to obtain a ciphertext of the jth message group, and sends the ciphertext of the jth message group and the public key serving as second parameters to the receiver;
the receiver calculates a target message selected from the jth message group based on the jth index, the key generation function, and the second parameter, and calculates a non-target message not selected from the jth message group to authenticate the non-target message when j belongs to the authentication subset.
3. The method of claim 2, wherein after the receiving side calculates the first parameter based on the locally generated random number, the base point G of the SM2 algorithm, and whether j belongs to the verification subset, the method further comprises:
the receiver performs zero knowledge proof on the first parameter and sends related information of the zero knowledge proof to the sender;
and the sender verifies the related information of the zero knowledge proof, and if the verification fails, the protocol is terminated.
4. The method of claim 2, wherein the receiver calculates a first parameter based on the locally generated random number, the base point G of the SM2 algorithm, and whether j belongs to the authentication subset, comprising:
the receiving party orders the first temporary public key g0= G, generate the first random number R _ R1, and obtain the second temporary public key G based on the dot product calculation of the first random number R _ R1 and the base point G1
The receiving side generates a first random number group R _ R2, a dot product calculation and a dot addition calculation based on the first random number group R _ R2 and the base point G, and a second temporary public key G1Whether the j belongs to the verification subset or not, and calculating to obtain a third temporary public key hj0And a fourth temporary public key hj1
The receiving party generates a second random number group R _ R3, a dot product calculation and a dot addition calculation based on the second random number group R _ R3 and the base point G, and a jth index, a first temporary public key G0A second temporary public key g1The third temporary public key hj0Fourth temporary public key hj1Calculating to obtain a fifth temporary public key gj' and sixth temporary public key hj’;
The receiving party sends the second temporary public key g1The third temporary public key hj0Fourth temporary public key hj1The fifth temporary public key gj' toAnd a sixth temporary public key hj' as a first parameter;
the method includes that the sender calculates a public key and a private key based on a locally generated random number and the first parameter, encrypts a message in a jth message group based on a preset key generation function and the private key, and obtains a ciphertext of the jth message group, and includes the following steps:
the sender generates a third random array, and obtains a first public key u based on the dot product calculation and the dot addition calculation of the random number in the third random array and the parameter in the first parameterj0A first private key vj0A second public key uj1And a second private key vj1
The sender is based on the first private key vj0Generating a first key by a preset key generation function, and encrypting the first message in the jth message group by using the first key to obtain a ciphertext e of the first messagej0And based on a second private key vj1Generating a second key by a key generation function, and encrypting a second message in the jth message group by using the second key to obtain a ciphertext e of the second messagej1
5. The method of claim 4, wherein the jth message group comprises a first message m0jAnd a second message m1jThe jth index is aj, wherein,
second temporary public key g1=[R_r1]*G;
j belongs to the verification subset, the third temporary public key hj0=[R_r2[j]]G, fourth temporary public key hj1=g1+[R_r2[j]]*G;
j does not belong to the verification subset, the third temporary public key hj0=[R_r2[j]]G, fourth temporary public key hj1=g1+[R_r2[j]+1]*G;
Fifth temporary public key gj’=(gaj)+[R_r3[j]]G; wherein, when aj =0, gaj=g0(ii) a When aj =1, gaj =g1
Sixth temporary public key hj’=(haj)+[R_r3[j]]G; wherein whenaj =0, haj=h0(ii) a When aj =1, haj=h1
The third random number group includes the following random numbers: sj0、sj1、tj0、tj1
First public key uj0=[sj0]*g0+[tj0]*hj0
First private key vj0=[sj0]*gj’+[tj0]*hj’;
Second public key uj1=[sj1]*g1+[tj1]*hj1
Second private key vj1=[sj1]*gj’+[tj1]*hj’;
Ciphertext e of the first messagej0=KDF(vj0)⊕m0jKDF is a key generation function;
ciphertext e of the second messagej1= KDF(vj1)⊕m1j
6. The method of claim 5, wherein the jth message group comprises message m0jAnd m1jCalculating a target message mj selected from the jth message group by the following equationaj
mjaj=KDF(ujaj-[R_r3]*G)⊕ejaj(ii) a Wherein, uj is equal to or greater than 0aj = uj0,ejaj = ej0,mjaj = m0j(ii) a When aj =1, ujaj = uj1,ejaj = ej1,mjaj = m1j
Calculating the non-target message mj not selected from the jth message group by1-aj
mj1-aj=KDF(ujaj-[R_r3]*G-[R_r1]*G)⊕ej1-aj(ii) a Wherein, uj is equal to or greater than 0aj = uj0,ejaj = ej0,mj1-aj = m1j(ii) a When aj =1, ujaj = uj1,ejaj = ej1,mj1-aj = m0j
7. The method according to claim 1, wherein the verifying result of the verifying subset satisfies a preset condition, including:
and when j belongs to the verification subset, the target message selected from the jth message group and the non-target message not selected from the jth message group which are calculated by the receiver are correct.
8. An oblivious transmission method, applied to a receiver in a multi-party secure computing platform, the multi-party secure computing platform further comprising a sender, the method comprising:
based on n indexes and a verification subset J, executing an n-time 2-to-1 oblivious transmission protocol with a sender, and when executing the jth time, if J belongs to the verification subset, verifying the jth transmission data by the receiver; wherein, the sender holds n message groups, one message group comprises two messages to be selected, n is more than 1, J ⊂ [ n ], and [ n ] is a set formed by integers from 0 to n-1;
and when the execution of the 2-out-of-2 inadvertent transmission protocol is finished for n times, if the verification result of the verification subset meets the preset condition, the receiving party obtains the credible inadvertent transmission result.
9. The method of claim 8, wherein the n times 1 out of 2 oblivious transmission protocol for the jth time comprises the steps of:
calculating a first parameter based on a locally generated random number, a base point G of an SM2 algorithm and whether j belongs to a verification subset, and sending the first parameter to a sender;
receiving a second parameter from a sender, wherein the sender calculates a public key and a private key based on a locally generated random number and the first parameter, and encrypts a message in a jth message group based on a preset key generation function and the private key to obtain a ciphertext of the jth message group, and the second parameter comprises the ciphertext of the jth message group and the public key;
computing a target message selected from the jth message group based on the jth index, the key generation function, and the second parameter, and computing non-target messages not selected from the jth message group to validate the non-target messages when j belongs to the validation subset.
10. The method of claim 9, wherein after calculating the first parameter based on the locally generated random number, the base point G of the SM2 algorithm, and whether j belongs to the verification subset, the method further comprises:
and carrying out zero knowledge proof on the first parameter, and sending related information of the zero knowledge proof to a sender.
11. The method of claim 9, wherein calculating the first parameter based on the locally generated random number, the base point G of the SM2 algorithm, and whether j belongs to the verification subset comprises:
let the first temporary public key g0= G, generate the first random number R _ R1, and obtain the second temporary public key G based on the dot product calculation of the first random number R _ R1 and the base point G1
Generating a first random number R _ R2, calculating dot product and dot addition based on the first random number R _ R2 and the base point G, and a second temporary public key G1Whether the j belongs to the verification subset or not, and calculating to obtain a third temporary public key hj0And a fourth temporary public key hj1
Generating a second random number R _ R3, calculating dot product and dot addition based on the second random number R _ R3 and the base point G, and the jth index, the first temporary public key G0A second temporary public key g1The third temporary public key hj0Fourth temporary public key hj1Calculating to obtain a fifth temporary public key gj' and sixth temporary public key hj’;
The second temporary public key g1The third temporary public key hj0Fourth temporary public key hj1Fifth medicineTime public key gj', and a sixth temporary public key hj' as a first parameter.
12. The method of claim 11, wherein the jth message group comprises a first message m0jAnd a second message m1jThe jth index is aj, wherein,
second temporary public key g1=[R_r1]*G;
j belongs to the verification subset, the third temporary public key hj0=[R_r2[j]]G, fourth temporary public key hj1=g1+[R_r2[j]]*G;
j does not belong to the verification subset, the third temporary public key hj0=[R_r2[j]]G, fourth temporary public key hj1=g1+[R_r2[j]+1]*G;
Fifth temporary public key gj’=(gaj)+[R_r3[j]]G; wherein, when aj =0, gaj =g0(ii) a When aj =1, gaj =g1
Sixth temporary public key hj’=(haj)+[R_r3[j]]G; wherein, when aj =0, haj=h0(ii) a When aj =1, haj=h1
13. The method of claim 12, wherein the jth message group comprises message m0jAnd m1jKDF is a key generation function, and a target message mj selected from the jth message group is calculated by the following formulaaj
mjaj=KDF(ujaj-[R_r3]*G)⊕ejaj(ii) a Wherein, uj is equal to or greater than 0aj = uj0,ejaj = ej0,mjaj = m0j(ii) a When aj =1, ujaj = uj1,ejaj = ej1,mjaj = m1j
Calculating the non-target message mj not selected from the jth message group by1-aj
mj1-aj=KDF(ujaj-[R_r3]*G-[R_r1]*G)⊕ej1-aj(ii) a Wherein, uj is equal to or greater than 0aj = uj0,ejaj = ej0,mj1-aj = m1j(ii) a When aj =1, ujaj = uj1,ejaj = ej1,mj1-aj = m0j
14. The method according to claim 8, wherein the verifying result of the verifying subset satisfies a preset condition, comprising:
and when j belongs to the verification subset, the target message selected from the jth message group and the non-target message not selected from the jth message group which are calculated by the receiver are correct.
15. A multi-party security computing platform is characterized in that the multi-party security computing platform comprises a sender and a receiver, wherein the sender is based on n message groups, the receiver is based on n indexes and a verification subset J, and the two parties execute an inadvertent transmission protocol of 2-out-of-1 n times; wherein, one message group comprises two messages to be selected, n is more than 1, J ⊂ [ n ], and [ n ] is a set formed by integers from 0 to n-1;
the receiver comprises a data verification module, and is used for verifying the j-th transmission data if j belongs to the verification subset when j is executed for the j-th time;
the receiver further comprises a data acquisition module, configured to obtain a trusted result of the inadvertent transmission if it is determined that the verification result of the verification subset meets a preset condition when the n-time execution of the 2-to-1 inadvertent transmission protocol is completed.
16. The multi-party secure computing platform of claim 15, wherein the receiving party further comprises a first parameter calculation module for calculating a first parameter based on the locally generated random number, the base point G of the SM2 algorithm, and whether j belongs to the authentication subset, and sending the first parameter to the sending party;
the sender also comprises a second parameter calculation module which is used for calculating a public key and a private key based on the locally generated random number and the first parameter, encrypting the message in the jth message group based on a preset key generation function and the private key to obtain the ciphertext of the jth message group, and sending the ciphertext of the jth message group and the public key as second parameters to the receiver;
the data verification module is specifically configured to calculate a target message selected from a jth message group based on the jth index, the key generation function, and the second parameter, and when j belongs to a verification subset, calculate a non-target message not selected from the jth message group, and verify the non-target message.
17. The multi-party secure computing platform of claim 16, wherein the receiving party further comprises a certification module configured to perform zero-knowledge certification on the first parameter and send information related to the zero-knowledge certification to the sending party;
the sender also comprises an information verification module used for verifying the related information of the zero knowledge proof, and if the verification is not passed, the protocol is stopped.
18. The multi-party secure computing platform of claim 16, wherein the first parameter computation module comprises:
a first calculation submodule for making the first temporary public key g0= G, generate the first random number R _ R1, and obtain the second temporary public key G based on the dot product calculation of the first random number R _ R1 and the base point G1
A second calculation submodule for generating a first random array R _ R2, a dot product calculation and a dot addition calculation based on the first random array R _ R2 and the base point G, and a second temporary public key G1Whether the j belongs to the verification subset or not, and calculating to obtain a third temporary public key hj0And a fourth temporary public key hj1
A third computation submodule for generating a second random array R _ R3, a dot product calculation and a dot addition calculation based on the second random array R _ R3 and a base point G, and a jth index, a first temporary public key G0A second temporary public key g1The third temporary public key hj0Fourth temporary public key hj1Calculating to obtain a fifth temporary public key gj' and sixth temporary public key hj’;
A first parameter determination submodule for determining the second temporary public key g1The third temporary public key hj0Fourth temporary public key hj1The fifth temporary public key gj', and a sixth temporary public key hj' as a first parameter;
the second parameter calculation module includes:
a public key calculation submodule for generating a third random array, and obtaining a first public key u based on the dot product calculation and the dot addition calculation of the random number in the third random array and the parameter in the first parameterj0A first private key vj0A second public key uj1And a second private key vj1
A data encryption submodule for encrypting data based on a first private key vj0Generating a first key by a preset key generation function, and encrypting the first message in the jth message group by using the first key to obtain a ciphertext e of the first messagej0And based on a second private key vj1Generating a second key by a key generation function, and encrypting a second message in the jth message group by using the second key to obtain a ciphertext e of the second messagej1
19. The multi-party secure computing platform of claim 18, wherein the jth message group comprises a first message m0jAnd a second message m1jThe jth index is aj, wherein,
second temporary public key g1=[R_r1]*G;
j belongs to the verification subset, the third temporary public key hj0=[R_r2[j]]G, fourth temporary public key hj1=g1+[R_r2[j]]*G;
j does not belong to the verification subset, the third temporary public key hj0=[R_r2[j]]G, fourth temporary public key hj1=g1+[R_r2[j]+1]*G;
Fifth temporary public key gj’=(gaj)+[R_r3[j]]G; wherein, when aj =0, gaj =g0(ii) a When aj =1, gaj =g1
Sixth temporary public key hj’=(haj)+[R_r3[j]]G; wherein, when aj =0, haj=h0(ii) a When aj =1, haj=h1
The third random number group includes the following random numbers: sj0、sj1、tj0、tj1
First public key uj0=[sj0]*g0+[tj0]*hj0
First private key vj0=[sj0]*gj’+[tj0]*hj’;
Second public key uj1=[sj1]*g1+[tj1]*hj1
Second private key vj1=[sj1]*gj’+[tj1]*hj’;
Ciphertext e of the first messagej0=KDF(vj0)⊕m0jKDF is a key generation function;
ciphertext e of the second messagej1= KDF(vj1)⊕m1j
20. The multi-party secure computing platform of claim 19, wherein the jth message group comprises message m0jAnd m1jCalculating a target message mj selected from the jth message group by the following equationaj
mjaj=KDF(ujaj-[R_r3]*G)⊕ejaj(ii) a Wherein, uj is equal to or greater than 0aj = uj0,ejaj = ej0,mjaj = m0j(ii) a When aj =1, ujaj = uj1,ejaj = ej1,mjaj = m1j
Calculating the non-target message mj not selected from the jth message group by1-aj
mj1-aj=KDF(ujaj-[R_r3]*G-[R_r1]*G)⊕ej1-aj(ii) a Wherein, uj is equal to or greater than 0aj = uj0,ejaj = ej0,mj1-aj = m1j(ii) a When aj =1, ujaj = uj1,ejaj = ej1,mj1-aj = m0j
21. The multi-party secure computing platform of claim 15, wherein the validation results of the subset of validations satisfy a predetermined condition comprising:
and when j belongs to the verification subset, the target message selected from the jth message group and the non-target message not selected from the jth message group which are calculated by the receiver are correct.
22. An apparatus for inadvertent transmission comprising a memory, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs comprising instructions for performing the method of inadvertent transmission of any of claims 1-7 or 8-14.
23. A machine-readable medium having instructions stored thereon, which when executed by one or more processors of an apparatus, cause the apparatus to perform the inadvertent transmission method of any of claims 1 to 7 or 8 to 14.
CN202210191130.2A 2022-03-01 2022-03-01 Inadvertent transmission method, multi-party secure computing platform and device for inadvertent transmission Active CN114301609B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210191130.2A CN114301609B (en) 2022-03-01 2022-03-01 Inadvertent transmission method, multi-party secure computing platform and device for inadvertent transmission

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210191130.2A CN114301609B (en) 2022-03-01 2022-03-01 Inadvertent transmission method, multi-party secure computing platform and device for inadvertent transmission

Publications (2)

Publication Number Publication Date
CN114301609A true CN114301609A (en) 2022-04-08
CN114301609B CN114301609B (en) 2022-05-17

Family

ID=80976558

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210191130.2A Active CN114301609B (en) 2022-03-01 2022-03-01 Inadvertent transmission method, multi-party secure computing platform and device for inadvertent transmission

Country Status (1)

Country Link
CN (1) CN114301609B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115065470A (en) * 2022-08-05 2022-09-16 北京信安世纪科技股份有限公司 Data transmission method and device
CN115378588A (en) * 2022-10-25 2022-11-22 北京信安世纪科技股份有限公司 Method, apparatus and storage medium for inadvertent transmission

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150143102A1 (en) * 2011-12-16 2015-05-21 International Business Machines Corporation Sending messages by oblivious transfer
CN105721140A (en) * 2016-01-27 2016-06-29 北京航空航天大学 K out of n oblivious transfer method and system
CN108632035A (en) * 2018-05-17 2018-10-09 湖北工业大学 A kind of Oblivious Transfer system and method with access control
CN112019333A (en) * 2020-09-04 2020-12-01 支付宝(杭州)信息技术有限公司 Data processing method and device for OTA protocol
CN112039655A (en) * 2020-08-31 2020-12-04 南京航空航天大学 Bidirectional oblivious transmission protocol scheme based on Cut-and-Choose technology
CN112671802A (en) * 2021-01-12 2021-04-16 北京邮电大学 Data sharing method and system based on oblivious transmission protocol
CN113259329A (en) * 2021-04-26 2021-08-13 北京信安世纪科技股份有限公司 Method and device for data inadvertent transmission, electronic equipment and storage medium

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150143102A1 (en) * 2011-12-16 2015-05-21 International Business Machines Corporation Sending messages by oblivious transfer
CN105721140A (en) * 2016-01-27 2016-06-29 北京航空航天大学 K out of n oblivious transfer method and system
CN108632035A (en) * 2018-05-17 2018-10-09 湖北工业大学 A kind of Oblivious Transfer system and method with access control
CN112039655A (en) * 2020-08-31 2020-12-04 南京航空航天大学 Bidirectional oblivious transmission protocol scheme based on Cut-and-Choose technology
CN112019333A (en) * 2020-09-04 2020-12-01 支付宝(杭州)信息技术有限公司 Data processing method and device for OTA protocol
CN112671802A (en) * 2021-01-12 2021-04-16 北京邮电大学 Data sharing method and system based on oblivious transmission protocol
CN113259329A (en) * 2021-04-26 2021-08-13 北京信安世纪科技股份有限公司 Method and device for data inadvertent transmission, electronic equipment and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
于海勇: "基于区块链的数据交易方法研究", 《中国优秀硕士学位论文全文数据库(电子期刊)》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115065470A (en) * 2022-08-05 2022-09-16 北京信安世纪科技股份有限公司 Data transmission method and device
CN115065470B (en) * 2022-08-05 2022-11-11 北京信安世纪科技股份有限公司 Data transmission method and device
CN115378588A (en) * 2022-10-25 2022-11-22 北京信安世纪科技股份有限公司 Method, apparatus and storage medium for inadvertent transmission

Also Published As

Publication number Publication date
CN114301609B (en) 2022-05-17

Similar Documents

Publication Publication Date Title
CN114756886B (en) Method and device for inquiring hiding trace
CN107947913B (en) Anonymous authentication method and system based on identity
CN114301609B (en) Inadvertent transmission method, multi-party secure computing platform and device for inadvertent transmission
CN114301594B (en) Inadvertent transmission method, multi-party secure computing platform and device for inadvertent transmission
CN103493427B (en) Method and apparatus for the discovery of security association
CN112398648B (en) Key management method and device for key management
CN112906039B (en) Certificateless distributed signature method, certificateless distributed signature device, certificateless distributed signature medium and electronic equipment
CN112182646A (en) Data reading method and device, data authorization method and device, and storage medium
CN114547668A (en) Secret trace query method and device based on country secret and index confusion
CN114978512B (en) Privacy intersection method and device and readable storage medium
CN112182647A (en) Data reading method and device, data authorization method and device, and storage medium
KR20070105826A (en) System providing public key authentication and the same method
CN111654481B (en) Identity authentication method, identity authentication device and storage medium
CN114884645B (en) Privacy calculation method and device and readable storage medium
CN113868505A (en) Data processing method and device, electronic equipment, server and storage medium
CN105120452B (en) Transmit the method, apparatus and system of information
CN111565108B (en) Signature processing method, device and system
CN115941181B (en) Out-of-order secret sharing method, system and readable storage medium
CN114885038B (en) Encryption protocol conversion method, result acquisition node and privacy calculation node
CN114866312B (en) Shared data determining method and device for protecting data privacy
CN115242464A (en) Service processing method, system, device and equipment
CN112711744B (en) Processing method and device for computing task and processing device for computing task
CN112671530B (en) Data processing method and device and data processing device
CN112187771B (en) Authentication method, device and device for authentication
CN114969164B (en) Data query method and device and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant