WO2019208484A1 - 秘密集約総和システム、秘密計算装置、秘密集約総和方法、およびプログラム - Google Patents
秘密集約総和システム、秘密計算装置、秘密集約総和方法、およびプログラム Download PDFInfo
- Publication number
- WO2019208484A1 WO2019208484A1 PCT/JP2019/016985 JP2019016985W WO2019208484A1 WO 2019208484 A1 WO2019208484 A1 WO 2019208484A1 JP 2019016985 W JP2019016985 W JP 2019016985W WO 2019208484 A1 WO2019208484 A1 WO 2019208484A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- share
- secret
- vector
- sum
- value
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/06—Arrangements for sorting, selecting, merging, or comparing data on individual record carriers
- G06F7/08—Sorting, i.e. grouping record carriers in numerical or other ordered sequence according to the classification of at least some of the information they carry
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/22—Arrangements for sorting or merging computer data on continuous record carriers, e.g. tape, drum, disc
- G06F7/24—Sorting, i.e. extracting data from one or more carriers, rearranging the data in numerical or other ordered sequence, and rerecording the sorted data on the original carrier or on a different carrier or set of carriers sorting methods in general
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
- G09C1/00—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/46—Secure multiparty computation, e.g. millionaire problem
Definitions
- the present invention relates to a secret calculation technique, and more particularly to a technique for calculating an aggregate function while maintaining confidentiality.
- the aggregate function is an operation for obtaining a statistical value grouped based on the value of the key attribute when the table has the key attribute and the value attribute.
- Aggregate functions are also called group-by operations.
- the key attribute is an attribute used for grouping the records in the table, and examples thereof include a job title and sex.
- the value attribute is an attribute used to calculate a statistical value, and examples thereof include salary and height.
- the group-by operation is, for example, an operation for obtaining an average height for each gender when the key attribute is gender.
- the key attribute may be a composite key with a plurality of attributes. For example, when the key attribute is gender and age, the average height of males in teens, the average height of males in their 20s, etc. There may be.
- Non-Patent Document 1 describes a method of performing a group-by operation by a secret calculation.
- the aggregate sum is one of the aggregate functions, and is an operation for summing up the sum of desired value attributes for each group when the table is grouped based on the value of the key attribute. Aggregate summation is also called group-by summation.
- the group-by sum is, for example, an operation for obtaining the total salary of a male teenager, the total salary of a male 20s, and so on when the key attributes are gender and age.
- group-by sum it is possible to calculate group-by sum of products that calculates the sum of multiplications for each group and group-by sum of squares that calculates the sum of squares for each group. If it is a group-by product sum, a group-by sum may be obtained for the result of multiplying the value attribute of each record. In the case of a group-by sum of squares, similarly, a group-by sum may be obtained for the result of squaring the value attribute of each record.
- An object of the present invention is to provide a technique capable of efficiently obtaining a group-by sum while keeping confidentiality in view of the technical problems as described above.
- a group-by sum can be efficiently obtained from the number of O (1) communications while maintaining secrecy.
- FIG. 1 is a diagram illustrating a functional configuration of the secret aggregation total system.
- FIG. 2 is a diagram illustrating a functional configuration of the secret computing device.
- FIG. 3 is a diagram illustrating a processing procedure of the secret aggregation summation method.
- FIG. 4 is a diagram illustrating a functional configuration of a secret computing device according to a modification.
- [x] ⁇ [F] represents that a certain value x is concealed by secret sharing on an arbitrary ring F.
- ⁇ b ⁇ ⁇ ⁇ B ⁇ represents that a certain value b of 1 bit is concealed by secret sharing on ring B that can represent 1 bit.
- ⁇ s ⁇ ⁇ ⁇ S m ⁇ represents that a certain substitution s belonging to the m element substitution set S m is concealed by secret sharing or the like.
- the secret-distributed value is also referred to as “share”.
- the sort described in Reference Document 1 below can be used.
- the hybrid substitution ⁇ described in Reference Document 1 below may be used.
- the secret aggregation and summation system 100 includes N ( ⁇ 2) secret computing devices 1 1 ,..., 1 N.
- the secret computing devices 1 1 ,..., 1 N are each connected to the communication network 9.
- the communication network 9 is a circuit-switching or packet-switching communication network configured such that connected devices can communicate with each other.
- the Internet a LAN (Local Area Network), or a WAN (Wide Area Network). Etc. can be used.
- Each device does not necessarily need to be able to communicate online via the communication network 9.
- the secret computing device 1 n includes, for example, an input unit 10, a prefix sum unit 11, a flag converting unit 12, a flag applying unit 13, a sorting unit 14, a sum calculating unit 15, and an output unit 16, as shown in FIG. .
- the secret aggregation summation method of the embodiment is realized.
- the secret computing device 1 n is configured, for example, by loading a special program into a known or dedicated computer having a central processing unit (CPU), a main storage (RAM), and the like. It is a special device.
- the secret computing device 1 n executes each process under the control of the central processing unit.
- the data input to the secret computing device 1 n and the data obtained by each processing are stored in, for example, the main storage device, and the data stored in the main storage device is read out to the central processing unit as necessary. Used for other processing.
- At least a part of each processing unit of the secret computing device 1 n may be configured by hardware such as an integrated circuit.
- step S10 the input unit 10 of each secret computing device 1 n shares [v] ⁇ [F] m in which the value attribute v ⁇ F m sorted by the key attribute is concealed by secret sharing, and the flag e ⁇ B m.
- m is an integer of 2 or more.
- the input unit 10 outputs the share [v] of the value attribute v to the prefix sum unit 11, the share ⁇ e ⁇ of the flag e to the flag conversion unit 12, and the share ⁇ of the replacement ⁇ to the sort unit 14. .
- the flag e is a flag representing a group boundary.
- the flag e is a value corresponding to the last element of each group (that is, the element immediately before the boundary of the group) with records having the same key attribute value as the same group when the table is stably sorted by the key attribute. Is a flag that becomes true (for example, 1) and values corresponding to other elements are false (for example, 0).
- the stable sort is an operation that preserves the order of elements having the same value when elements having the same value exist in the sort operation. For example, if a table sorted in order of employee numbers is stably sorted by gender, a sort result in which the order of employee numbers is maintained in each gender is obtained.
- the replacement ⁇ is a replacement in which the key attribute values of each group are arranged one by one from the top.
- the replacement ⁇ when the table is stably sorted by the key attribute, records having the same key attribute value are grouped in the same group, the last element of each group is arranged in order from the top, and the other elements are arranged in order.
- Is a replacement that moves to The share ⁇ of the substitution ⁇ may be configured using the hybrid substitution ⁇ described in the above-mentioned reference 1.
- the maximum group number g is the number of combinations of values that the key attribute can take, that is, the number of types of values that the key attribute can take.
- prefix-sum is the length of the input vector v, and for each integer i between 0 and m-1, the i-th element v ' i of the output vector v' is the 0th element v of the input vector v This is an operation for setting the sum of values from 0 to the i-th element v i .
- the prefix sum unit 11 outputs the share [v ′] of the vector v ′ to the flag application unit 13.
- step S12 the flag conversion unit 12 of each secret computing device 1 n converts the share ⁇ e ⁇ ⁇ ⁇ B ⁇ m of the flag e into a share [e] ⁇ [F] m by secret sharing on an arbitrary ring F To do.
- the flag conversion unit 12 outputs the share [e] of the flag e to the flag application unit 13.
- “?” Is a conditional operator (or ternary operator).
- step S14 the sorting unit 14 of each secret computing device 1 n uses the share [t] of the vector t and the share ⁇ of the replacement ⁇ , and after sorting, sorts the vector t by the replacement ⁇ .
- a share [ ⁇ (t)] ⁇ [F] m that is a vector ⁇ (t) is generated.
- the sorting unit 14 outputs the share [ ⁇ (t)] of the sorted vector ⁇ (t) to the sum calculation unit 15.
- step S15 the sum calculation unit 15 of each secret computing device 1 n uses the share [ ⁇ (t)] of the sorted vector ⁇ (t) to each integer of 1 or more and min (g, m) ⁇ 1 or less.
- the i-th element ⁇ (t) i of the sorted vector ⁇ (t) is set to the i-th element of the vector s because the sum of the values of the value attribute v belonging to each of the 0th to i-th groups is set.
- the element s i the sum of the values of the value attribute v belonging to the i-th group is set.
- the sum calculation unit 15 outputs the share [s] of the sum s to the output unit 16.
- step S16 the output unit 16 of each secret computing device 1 n outputs the share [s] of the sum s.
- a bit decomposition unit 21, a group sort generation unit 22, a bit string sort unit 23, a flag generation unit 24, a key aggregation sort generation unit 25, and a value sort unit 26 are included. Only differences from the secret aggregation total system 100 of the embodiment will be described below.
- each secret computing device 2 n has shares [k 0 ],..., [K nk-1 , in which n k key attributes k 0 ,..., K nk-1 ⁇ F m are concealed by secret sharing. ] ⁇ [F] m and, n a number of value attributes v 0, ..., v na- 1 ⁇ F m share was concealed respectively by secret dispersion [v 0], ..., [ v na-1] ⁇ [F ] Takes m as input. However, n k, n a represents an integer of 1 or more.
- Input unit 10 key attribute k 0, ..., k nk- 1 share [k 0], ..., and outputs the bit decomposition section 21 [k nk-1].
- ⁇ b i ⁇ is the i-th element [k 0, i ],..., each of the shares [k 0 ],..., [k nk-1 ] of the key attributes k 0 ,..., k nk-1 . It is a bit string that combines the bit representations of [k nk-1, i ].
- the bit decomposition unit 21 outputs the share ⁇ b ⁇ of the bit string b to the group sort generation unit 22.
- the group sort generation unit 22 of each secret computing device 2 n uses the share ⁇ b ⁇ of the bit string b to restore a share ⁇ 0 ⁇ ⁇ that becomes a replacement ⁇ 0 for stable sorting of the bit string b in ascending order when restored. Generate ⁇ S m ⁇ . Since the bit string b is a combination of the bit representations of the key attributes k 0 ,..., k nk ⁇ 1 , the replacement ⁇ 0 is made so that records having the same value of the key attributes k 0 ,..., k nk-1 are consecutive. It can be said that it is an operation of rearranging and grouping.
- the group sort generation unit 22 outputs the share ⁇ b ⁇ of the bit string b and the share ⁇ 0 ⁇ of the replacement ⁇ 0 to the bit string sort unit 23. Further, the group sort generation unit 22 outputs the share ⁇ 0 ⁇ of the replacement ⁇ 0 to the value sort unit 26.
- the bit string sorting unit 23 outputs the share ⁇ b ′ ⁇ of the sorted bit string b ′ to the flag generation unit 24.
- Flag e i because true is set when the sorted bit sequence b 'i th element b of' i is i + 1 th element b 'i + 1 is different from the last element of each group (i.e., Group It is a flag indicating the element immediately before the boundary between them.
- the flag generation unit 24 outputs the share ⁇ e ⁇ of the flag e to the key aggregation sort generation unit 25. Further, the flag generation unit 24 outputs the share ⁇ e ⁇ of the flag e to the flag conversion unit 12.
- the key aggregation / sort generation unit 25 of each secret computing device 2 n first uses the share ⁇ e ⁇ of the flag e to restore a share ⁇ e ′ ⁇ ⁇ ⁇ that becomes a flag e ′ that is a negative e of the flag e when restored.
- the key aggregation / sort generation unit 25 uses the share ⁇ e ′ ⁇ of the flag e ′ to restore a share ⁇ ⁇ ⁇ that becomes a replacement ⁇ for stably sorting the flag e ′ in ascending order when restored.
- S m ⁇ .
- the key aggregation sort generation unit 25 outputs the share ⁇ of the replacement ⁇ to the value sort unit 26. Further, the key aggregation sort generation unit 25 outputs the share ⁇ of the replacement ⁇ to the sorting unit 14.
- the value sorting unit 26 of each secret computing device 2 n uses the share [v 0 ],..., [V na-1 ] of the value attributes v 0 ,..., V na-1 and the share of the replacement ⁇ 0 ⁇ 0 ⁇ ⁇ , The share [v " 0 ], which becomes the sorted value attribute v" 0 ,..., v " na-1 sorted by the replacement ⁇ 0 when the value attribute v 0 ,..., v na-1 is restored. ..., [V " na-1 ] is generated.
- the value sort unit 26 calculates the sum for each group among the shares [v “ 0 ], ..., [v” na-1 ] of the sorted value attributes v " 0 , ..., v" na-1. Output to the prefix sum unit 11 as a share [v] of the value attribute v.
- the program describing the processing contents can be recorded on a computer-readable recording medium.
- a computer-readable recording medium for example, any recording medium such as a magnetic recording device, an optical disk, a magneto-optical recording medium, and a semiconductor memory may be used.
- this program is distributed, for example, by selling, transferring, or lending a portable recording medium such as a DVD or CD-ROM in which the program is recorded. Furthermore, the program may be distributed by storing the program in a storage device of the server computer and transferring the program from the server computer to another computer via a network.
- a computer that executes such a program first stores a program recorded on a portable recording medium or a program transferred from a server computer in its own storage device. When executing the process, this computer reads the program stored in its own storage device and executes the process according to the read program.
- the computer may directly read the program from a portable recording medium and execute processing according to the program, and the program is transferred from the server computer to the computer. Each time, the processing according to the received program may be executed sequentially.
- the program is not transferred from the server computer to the computer, and the above processing is executed by a so-called ASP (Application Service Provider) type service that realizes the processing function only by the execution instruction and result acquisition. It is good.
- ASP Application Service Provider
- the program in this embodiment includes information that is used for processing by an electronic computer and that conforms to the program (data that is not a direct command to the computer but has a property that defines the processing of the computer).
- the present apparatus is configured by executing a predetermined program on a computer.
- a predetermined program on a computer.
- at least a part of these processing contents may be realized by hardware.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
Description
<実施形態>
図1を参照して、実施形態の秘密集約総和システム100の構成例を説明する。秘密集約総和システム100は、N(≧2)台の秘密計算装置11, …, 1Nを含む。本形態では、秘密計算装置11, …, 1Nはそれぞれ通信網9へ接続される。通信網9は、接続される各装置が相互に通信可能なように構成された回線交換方式もしくはパケット交換方式の通信網であり、例えばインターネットやLAN(Local Area Network)、WAN(Wide Area Network)などを用いることができる。なお、各装置は必ずしも通信網9を介してオンラインで通信可能である必要はない。例えば、秘密計算装置11, …, 1Nへ入力する情報を磁気テープやUSBメモリなどの可搬型記録媒体に記憶し、その可搬型記録媒体から秘密計算装置11, …, 1Nへオフラインで入力するように構成してもよい。
上記の実施形態では、入力部10へバリュー属性vのシェア[v]とフラグeのシェア{e}と置換σのシェア{{σ}}とが入力される構成を説明した。変形例では、入力部10へテーブルを秘密分散等により秘匿したシェアが入力され、バリュー属性vのシェア[v]とフラグeのシェア{e}と置換σのシェア{{σ}}とを求めてから、上記の実施形態で説明した手順に従ってgroup-by総和を計算する構成を説明する。
上記実施形態で説明した各装置における各種の処理機能をコンピュータによって実現する場合、各装置が有すべき機能の処理内容はプログラムによって記述される。そして、このプログラムをコンピュータで実行することにより、上記各装置における各種の処理機能がコンピュータ上で実現される。
Claims (5)
- 複数の秘密計算装置を含む秘密集約総和システムであって、
mは2以上の整数であり、[v]:=[v0], …, [vm-1]はキー属性とバリュー属性とからなるテーブルを上記キー属性の値に基づいてソートしたときの所望のバリュー属性v:=v0, …,vm-1を秘密分散したシェアであり、[e]:=[e0], …, [em-1]は上記テーブルを上記キー属性の値に基づいてグループ分けしたときに各グループの最後の要素が真、その他の要素が偽であるフラグe:=e0, …, em-1を秘密分散したシェアであり、{{σ}}は上記テーブルを上記キー属性の値に基づいてグループ分けしたときに各グループの最後の要素が先頭から順に並ぶように移動する置換σを秘密分散したシェアであり、gは上記グループの最大数であり、
上記秘密計算装置は、
上記シェア[v]を用いて、0以上m-1以下の各整数iについてv'iにv0からviまでの総和を設定して、復元するとベクトルv':=v'0, …, v'm-1となるシェア[v']を生成するプレフィックスサム部と、
上記シェア[v']と上記シェア[e]とを用いて、0以上m-1以下の各整数iについて[ei]が真ならば[ti]に[v'i]を設定し、[ei]が偽ならば[ti]に[v'm-1]を設定して、復元するとベクトルt:=t0, …, tm-1となるシェア[t]を生成するフラグ適用部と、
上記シェア[t]と上記シェア{{σ}}とを用いて、復元すると上記ベクトルtを上記置換σでソートしたソート済みベクトルσ(t)となるシェア[σ(t)]を生成するソート部と、
上記シェア[σ(t)]を用いて、1以上min(g,m)-1以下の各整数iについて[si]:=[σ(t)i-σ(t)i-1]を設定し、かつ、[s0]:=[σ(t)0]を設定して、復元するとグループ毎のバリュー属性vの総和を表すベクトルs:=s0, …, smin(g,m)-1となるシェア[s]を生成する総和計算部と、
を含む秘密集約総和システム。 - 請求項1に記載の秘密集約総和システムであって、
Fは任意の環であり、nkは1以上の整数であり、[k0], …, [knk-1]はキー属性k0, …, knk-1∈Fmを秘密分散したシェアであり、[v"]は上記テーブルを上記キー属性の値に基づいてソートする前の所望のバリュー属性v"∈Fmを秘密分散したシェアであり、
上記秘密計算装置は、
上記シェア[k0], …, [knk-1]を用いて、復元すると上記キー属性k0, …, knk-1をビット分解して結合したビット列b:=b0, …, bm-1となるシェア{b}から、復元すると上記ビット列bを昇順に安定ソートする置換σ0となるシェア{{σ0}}を生成するグループソート生成部と、
上記シェア{b}と上記シェア{{σ0}}とを用いて、復元すると上記ビット列bを上記置換σ0でソートしたソート済みビット列b':=b'0, …, b'm-1となるシェア{b'}を生成するビット列ソート部と、
上記シェア{b'}を用いて、0以上m-2以下の各整数iについて{ei}:={b'i≠b'i+1}を設定し、かつ、{em-1}:={1}を設定して、復元すると上記フラグe:=e0, …, em-1となる上記シェア{e}を生成するフラグ生成部と、
上記シェア{e}を用いて、復元すると上記フラグeの否定¬eを昇順に安定ソートする上記置換σとなる上記シェア{{σ}}を生成するキー集約ソート生成部と、
上記シェア[v"]と上記シェア{{σ0}}とを用いて、復元すると上記バリュー属性v"を上記置換σ0でソートした上記バリュー属性vとなるシェア[v]を生成するバリューソート部と、
をさらに含む秘密集約総和システム。 - mは2以上の整数であり、[v]:=[v0], …, [vm-1]はキー属性とバリュー属性とからなるテーブルを上記キー属性の値に基づいてソートしたときの所望のバリュー属性v:=v0, …,vm-1を秘密分散したシェアであり、[e]:=[e0], …, [em-1]は上記テーブルを上記キー属性の値に基づいてグループ分けしたときに各グループの最後の要素が真、その他の要素が偽であるフラグe:=e0, …, em-1を秘密分散したシェアであり、{{σ}}は上記テーブルを上記キー属性の値に基づいてグループ分けしたときに各グループの最後の要素が先頭から順に並ぶように移動する置換σを秘密分散したシェアであり、gは上記グループの最大数であり、
上記シェア[v]を用いて、0以上m-1以下の各整数iについてv'iにv0からviまでの総和を設定して、復元するとベクトルv':=v'0, …, v'm-1となるシェア[v']を生成するプレフィックスサム部と、
上記シェア[v']と上記シェア[e]とを用いて、0以上m-1以下の各整数iについて[ei]が真ならば[ti]に[v'i]を設定し、[ei]が偽ならば[ti]に[v'm-1]を設定して、復元するとベクトルt:=t0, …, tm-1となるシェア[t]を生成するフラグ適用部と、
上記シェア[t]と上記シェア{{σ}}とを用いて、復元すると上記ベクトルtを上記置換σでソートしたソート済みベクトルσ(t)となるシェア[σ(t)]を生成するソート部と、
上記シェア[σ(t)]を用いて、1以上min(g,m)-1以下の各整数iについて[si]:=[σ(t)i-σ(t)i-1]を設定し、かつ、[s0]:=[σ(t)0]を設定して、復元するとグループ毎のバリュー属性vの総和を表すベクトルs:=s0, …, smin(g,m)-1となるシェア[s]を生成する総和計算部と、
を含む秘密計算装置。 - 複数の秘密計算装置を含む秘密集約総和システムが実行する秘密集約総和方法であって、
mは2以上の整数であり、[v]:=[v0], …, [vm-1]はキー属性とバリュー属性とからなるテーブルを上記キー属性の値に基づいてソートしたときの所望のバリュー属性v:=v0, …,vm-1を秘密分散したシェアであり、[e]:=[e0], …, [em-1]は上記テーブルを上記キー属性の値に基づいてグループ分けしたときに各グループの最後の要素が真、その他の要素が偽であるフラグe:=e0, …, em-1を秘密分散したシェアであり、{{σ}}は上記テーブルを上記キー属性の値に基づいてグループ分けしたときに各グループの最後の要素が先頭から順に並ぶように移動する置換σを秘密分散したシェアであり、gは上記グループの最大数であり、
上記秘密計算装置のプレフィックスサム部が、上記シェア[v]を用いて、0以上m-1以下の各整数iについてv'iにv0からviまでの総和を設定して、復元するとベクトルv':=v'0, …, v'm-1となるシェア[v']を生成し、
上記秘密計算装置のフラグ適用部が、上記シェア[v']と上記シェア[e]とを用いて、0以上m-1以下の各整数iについて[ei]が真ならば[ti]に[v'i]を設定し、[ei]が偽ならば[ti]に[v'm-1]を設定して、復元するとベクトルt:=t0, …, tm-1となるシェア[t]を生成し、
上記秘密計算装置のソート部が、上記シェア[t]と上記シェア{{σ}}とを用いて、復元すると上記ベクトルtを上記置換σでソートしたソート済みベクトルσ(t)となるシェア[σ(t)]を生成し、
上記秘密計算装置の総和計算部が、上記シェア[σ(t)]を用いて、1以上min(g,m)-1以下の各整数iについて[si]:=[σ(t)i-σ(t)i-1]を設定し、かつ、[s0]:=[σ(t)0]を設定して、復元するとグループ毎のバリュー属性vの総和を表すベクトルs:=s0, …, smin(g,m)-1となるシェア[s]を生成する、
秘密集約総和方法。 - 請求項3に記載の秘密計算装置としてコンピュータを機能させるためのプログラム。
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201980027620.5A CN112020737B (zh) | 2018-04-25 | 2019-04-22 | 秘密聚合总计***及其方法、秘密计算装置、记录介质 |
US17/049,341 US11595194B2 (en) | 2018-04-25 | 2019-04-22 | Secure aggregate sum system, secure computation apparatus, secure aggregate sum method, and program |
AU2019259260A AU2019259260B2 (en) | 2018-04-25 | 2019-04-22 | Secure aggregate sum system, secure computation apparatus, secure aggregate sum method, and program |
JP2020516336A JP6973632B2 (ja) | 2018-04-25 | 2019-04-22 | 秘密集約総和システム、秘密計算装置、秘密集約総和方法、およびプログラム |
EP19792068.9A EP3786926B1 (en) | 2018-04-25 | 2019-04-22 | Secure aggregate sum system, secure computation device, secure aggregate sum method, and program |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2018-084114 | 2018-04-25 | ||
JP2018084114 | 2018-04-25 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019208484A1 true WO2019208484A1 (ja) | 2019-10-31 |
Family
ID=68294898
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2019/016985 WO2019208484A1 (ja) | 2018-04-25 | 2019-04-22 | 秘密集約総和システム、秘密計算装置、秘密集約総和方法、およびプログラム |
Country Status (6)
Country | Link |
---|---|
US (1) | US11595194B2 (ja) |
EP (1) | EP3786926B1 (ja) |
JP (1) | JP6973632B2 (ja) |
CN (1) | CN112020737B (ja) |
AU (1) | AU2019259260B2 (ja) |
WO (1) | WO2019208484A1 (ja) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2022079909A1 (ja) * | 2020-10-16 | 2022-04-21 | 日本電信電話株式会社 | 秘密グループ分け装置、秘密グループ分けシステム、秘密グループ分け方法、及びプログラム |
WO2022079908A1 (ja) * | 2020-10-16 | 2022-04-21 | 日本電信電話株式会社 | 秘密決定木テスト装置、秘密決定木テストシステム、秘密決定木テスト方法、及びプログラム |
WO2022079907A1 (ja) * | 2020-10-16 | 2022-04-21 | 日本電信電話株式会社 | 秘密決定木学習装置、秘密決定木学習システム、秘密決定木学習方法、及びプログラム |
WO2022079911A1 (ja) * | 2020-10-16 | 2022-04-21 | 日本電信電話株式会社 | 秘密決定木テスト装置、秘密決定木テストシステム、秘密決定木テスト方法、及びプログラム |
WO2022264237A1 (ja) * | 2021-06-14 | 2022-12-22 | 日本電信電話株式会社 | 累積計算装置、累積計算方法、及びプログラム |
WO2023157118A1 (ja) * | 2022-02-16 | 2023-08-24 | 日本電信電話株式会社 | 秘密計算装置、秘密計算方法、プログラム |
WO2023157117A1 (ja) * | 2022-02-16 | 2023-08-24 | 日本電信電話株式会社 | 秘密計算装置、秘密計算方法、プログラム |
WO2023233516A1 (ja) * | 2022-05-31 | 2023-12-07 | 日本電信電話株式会社 | 秘密計算装置、秘密計算方法、プログラム |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2012154968A (ja) * | 2011-01-21 | 2012-08-16 | Nippon Telegr & Teleph Corp <Ntt> | セキュア集合関数システム、秘密集合関数装置、セキュア集合関数処理方法、セキュア集合関数プログラム |
JP2014164144A (ja) * | 2013-02-26 | 2014-09-08 | Nippon Telegr & Teleph Corp <Ntt> | 秘密表除算装置及び方法 |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7499544B2 (en) * | 2003-11-03 | 2009-03-03 | Microsoft Corporation | Use of isogenies for design of cryptosystems |
US8468244B2 (en) * | 2007-01-05 | 2013-06-18 | Digital Doors, Inc. | Digital information infrastructure and method for security designated data and with granular data stores |
US8667269B2 (en) * | 2010-04-02 | 2014-03-04 | Suridx, Inc. | Efficient, secure, cloud-based identity services |
JP6108970B2 (ja) * | 2013-06-10 | 2017-04-05 | エヌ・ティ・ティ・コミュニケーションズ株式会社 | データ再生成装置、データ再生成方法およびプログラム |
JP6009697B2 (ja) * | 2014-01-17 | 2016-10-19 | 日本電信電話株式会社 | 秘密計算方法、秘密計算システム、ソート装置及びプログラム |
JP5957120B1 (ja) * | 2015-05-12 | 2016-07-27 | 日本電信電話株式会社 | 秘密分散方法、秘密分散システム、分散装置、およびプログラム |
US11062215B2 (en) * | 2017-03-17 | 2021-07-13 | Microsoft Technology Licensing, Llc | Using different data sources for a predictive model |
US11057209B2 (en) * | 2018-02-28 | 2021-07-06 | Vmware, Inc. | Methods and systems that efficiently and securely store data |
US11070374B2 (en) * | 2018-02-28 | 2021-07-20 | Vmware, Inc. | Methods and systems that efficiently and securely store encryption keys |
-
2019
- 2019-04-22 AU AU2019259260A patent/AU2019259260B2/en active Active
- 2019-04-22 CN CN201980027620.5A patent/CN112020737B/zh active Active
- 2019-04-22 US US17/049,341 patent/US11595194B2/en active Active
- 2019-04-22 EP EP19792068.9A patent/EP3786926B1/en active Active
- 2019-04-22 JP JP2020516336A patent/JP6973632B2/ja active Active
- 2019-04-22 WO PCT/JP2019/016985 patent/WO2019208484A1/ja unknown
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2012154968A (ja) * | 2011-01-21 | 2012-08-16 | Nippon Telegr & Teleph Corp <Ntt> | セキュア集合関数システム、秘密集合関数装置、セキュア集合関数処理方法、セキュア集合関数プログラム |
JP2014164144A (ja) * | 2013-02-26 | 2014-09-08 | Nippon Telegr & Teleph Corp <Ntt> | 秘密表除算装置及び方法 |
Non-Patent Citations (5)
Title |
---|
DAI IKARASHIKOJI CHIDAKOKI HAMADAKATSUMI TAKAHASHI: "Secure Database Operations Using An Improved 3-party Verifiable Secure Function Evaluation", THE 2011 SYMPOSIUM ON CRYPTOGRAPHY AND INFORMATION SECURITY, 2011 |
DAI IKARASHIKOKI HAMADARYO KIKUCHIKOJI CHIDA: "A Design and an Implementation of Super-high-speed Multi-party Sorting: The Day When Multi-party Computation Reaches Scripting Languages", COMPUTER SECURITY SYMPOSIUM, 2017 |
HAMADA, KOKI ET AL.: "Improved Algorithms for Computing Relational Algebra Operators for Secure Function Evaluation", IEICE TECHNICAL REPORT, vol. 112, no. 466, 28 February 2013 (2013-02-28), pages 77 - 82, XP009523657 * |
HAMADA, KOKI ET AL.: "MEVAL: A Practically Efficient System for Secure Multi- Party Statistical Analysis", PROCEEDINGS OF COMPUTER SECURITY SYMPOSIUM 2013, vol. 2013, no. 4, October 2013 (2013-10-01), pages 777 - 784, XP055647411 * |
See also references of EP3786926A4 |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
AU2020472681B2 (en) * | 2020-10-16 | 2024-02-15 | Nippon Telegraph And Telephone Corporation | Secret decision tree testing device, secret decision tree testing system, secret decision tree testing method, and program |
WO2022079908A1 (ja) * | 2020-10-16 | 2022-04-21 | 日本電信電話株式会社 | 秘密決定木テスト装置、秘密決定木テストシステム、秘密決定木テスト方法、及びプログラム |
WO2022079907A1 (ja) * | 2020-10-16 | 2022-04-21 | 日本電信電話株式会社 | 秘密決定木学習装置、秘密決定木学習システム、秘密決定木学習方法、及びプログラム |
WO2022079911A1 (ja) * | 2020-10-16 | 2022-04-21 | 日本電信電話株式会社 | 秘密決定木テスト装置、秘密決定木テストシステム、秘密決定木テスト方法、及びプログラム |
AU2020472445B2 (en) * | 2020-10-16 | 2023-11-30 | Nippon Telegraph And Telephone Corporation | Hidden decision tree test device, hidden decision tree test system, hidden decision tree test method, and program |
WO2022079909A1 (ja) * | 2020-10-16 | 2022-04-21 | 日本電信電話株式会社 | 秘密グループ分け装置、秘密グループ分けシステム、秘密グループ分け方法、及びプログラム |
JP7491390B2 (ja) | 2020-10-16 | 2024-05-28 | 日本電信電話株式会社 | 秘密グループ分け装置、秘密グループ分けシステム、秘密グループ分け方法、及びプログラム |
JP7494932B2 (ja) | 2020-10-16 | 2024-06-04 | 日本電信電話株式会社 | 秘密決定木テスト装置、秘密決定木テストシステム、秘密決定木テスト方法、及びプログラム |
JP7505570B2 (ja) | 2020-10-16 | 2024-06-25 | 日本電信電話株式会社 | 秘密決定木テスト装置、秘密決定木テストシステム、秘密決定木テスト方法、及びプログラム |
WO2022264237A1 (ja) * | 2021-06-14 | 2022-12-22 | 日本電信電話株式会社 | 累積計算装置、累積計算方法、及びプログラム |
WO2023157118A1 (ja) * | 2022-02-16 | 2023-08-24 | 日本電信電話株式会社 | 秘密計算装置、秘密計算方法、プログラム |
WO2023157117A1 (ja) * | 2022-02-16 | 2023-08-24 | 日本電信電話株式会社 | 秘密計算装置、秘密計算方法、プログラム |
WO2023233516A1 (ja) * | 2022-05-31 | 2023-12-07 | 日本電信電話株式会社 | 秘密計算装置、秘密計算方法、プログラム |
Also Published As
Publication number | Publication date |
---|---|
CN112020737A (zh) | 2020-12-01 |
JP6973632B2 (ja) | 2021-12-01 |
EP3786926B1 (en) | 2023-06-14 |
US20210058239A1 (en) | 2021-02-25 |
CN112020737B (zh) | 2023-08-08 |
AU2019259260B2 (en) | 2021-07-15 |
AU2019259260A1 (en) | 2020-11-12 |
JPWO2019208484A1 (ja) | 2021-04-22 |
EP3786926A1 (en) | 2021-03-03 |
EP3786926A4 (en) | 2022-01-26 |
US11595194B2 (en) | 2023-02-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2019208484A1 (ja) | 秘密集約総和システム、秘密計算装置、秘密集約総和方法、およびプログラム | |
JP6989006B2 (ja) | 秘密集約関数計算システム、秘密計算装置、秘密集約関数計算方法、およびプログラム | |
WO2019208485A1 (ja) | 秘密集約最大値システム、秘密集約最小値システム、秘密計算装置、秘密集約最大値方法、秘密集約最小値方法、およびプログラム | |
WO2019203262A1 (ja) | 秘密集約順位システム、秘密計算装置、秘密集約順位方法、およびプログラム | |
WO2019208486A1 (ja) | 秘密集約中央値システム、秘密計算装置、秘密集約中央値方法、およびプログラム | |
WO2019221108A1 (ja) | 秘密クロス集計システム、秘密計算装置、秘密クロス集計方法、およびプログラム | |
EP3246900B1 (en) | Matrix and key generation device, matrix and key generation system, matrix coupling device, matrix and key generation method, and program | |
CN114817954A (zh) | 图像的处理方法、***和装置 | |
JP7081663B2 (ja) | 秘密結合システム、方法、秘密計算装置及びプログラム | |
US20240184577A1 (en) | Secret calculation system, apparatus, method and program | |
JP6911929B2 (ja) | 秘匿ソートシステム及び方法 | |
WO2019188320A1 (ja) | 秘密重複排除フィルタ生成システム、秘密重複排除システム、これらの方法、秘密計算装置及びプログラム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 19792068 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2020516336 Country of ref document: JP Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 2019259260 Country of ref document: AU Date of ref document: 20190422 Kind code of ref document: A |
|
ENP | Entry into the national phase |
Ref document number: 2019792068 Country of ref document: EP Effective date: 20201125 |