CN117978361A

CN117978361A - Cloud-based privacy computing method and device, electronic equipment and readable medium

Info

Publication number: CN117978361A
Application number: CN202410266348.9A
Authority: CN
Inventors: 高思琪; 周一竞; 卞杰; 黄翠婷; 陈涛; 祝伟; 蒋韬
Original assignee: Tongdun Technology Co ltd
Current assignee: Tongdun Technology Co ltd
Priority date: 2024-03-08
Filing date: 2024-03-08
Publication date: 2024-05-03

Abstract

The disclosure relates to a cloud-based privacy computing method, a cloud-based privacy computing device, electronic equipment and a readable medium, and relates to the technical field of computers. In the method, an initiator and a first partner determine an elliptic curve shared key based on a preset elliptic curve parameter so as to execute elliptic curve scalar multiplication on a first identification data set and a second identification data set to obtain first intermediate state data and second intermediate state data; the initiator homomorphic encrypts the first intermediate state data and then uploads the first encrypted data to the cloud end, and the first partner uploads the second intermediate state data to the cloud end, so that the cloud end calculates a zero-degree polynomial based on the second intermediate state data and substitutes the zero-degree polynomial into the first encrypted data to calculate and obtain second encrypted data, and the initiator obtains the second encrypted data and then decrypts to obtain a first intersection. According to the method, a one-way function is constructed through elliptic curve key negotiation, so that the reverse calculation difficulty is high, and privacy disclosure of a partner is avoided; moreover, the computing tasks are hosted at the cloud, so that the deployment cost is reduced, and the method is efficient and flexible.

Description

Cloud-based privacy computing method and device, electronic equipment and readable medium

Technical Field

The disclosure relates to the technical field of computers, in particular to a cloud-based privacy computing method, a cloud-based privacy computing device, electronic equipment and a computer readable medium.

Background

Privacy set intersection (PRIVATE SET Intersection, PSI) refers to a privacy computing technology for computing intersection between two or more participants under the condition that private information data of the participants are not exposed, and relates to various application scenes such as cross-domain information recommendation, identity verification, federal learning and the like.

At present, data products for privacy set intersection are usually deployed in local environments of participants to be executed, and custom development is often required, so that the deployment and maintenance costs of the data products in multiple participants are high, the efficiency is low and the flexibility is poor.

Disclosure of Invention

The disclosure aims to provide a privacy computing method based on a cloud, a privacy computing device based on the cloud, electronic equipment and a computer readable medium.

According to a first aspect of the present disclosure, there is provided a cloud-based privacy computing method, the method being applicable to an initiator, the initiator holding a first identification data set, the method may include: determining, with the first partner, an elliptic curve shared key based on the predetermined elliptic curve parameters; the first partner holds a second identification data set; performing elliptic curve scalar multiplication on the first identification data set based on the elliptic curve shared key to obtain first intermediate state data; homomorphic encryption is carried out on the first intermediate state data by adopting a homomorphic public key, so as to obtain first encrypted data; sending the first encrypted data to the cloud so that the cloud calculates a zero-change polynomial based on the second intermediate state data and calculates the first encrypted data in the zero-change polynomial to obtain second encrypted data; the second intermediate state data is obtained by the first partner performing elliptic curve scalar multiplication on the second identification data set based on the elliptic curve shared key and is provided for the cloud; and obtaining second encrypted data from the cloud, decrypting the second encrypted data based on the homomorphic private key, and determining a first intersection containing coincident elements between the first identification data set and the second identification data set.

Optionally, determining, with the first partner, an elliptic curve shared key based on predetermined elliptic curve parameters, comprising: generating a first private key, and calculating to obtain a first public key based on a preset elliptic curve parameter and the first private key; providing a first public key for the first partner, and obtaining a second public key from the first partner, wherein the second public key is obtained by the first partner based on the second private key and a preset elliptic curve parameter, and the second private key is generated by the first partner; an elliptic curve shared key is calculated based on the first private key and the second public key.

Optionally, before sending the first encrypted data to the cloud, the method further includes: the first encrypted data is encoded using SIMD techniques.

Optionally, performing elliptic curve scalar multiplication on the first set of identification data based on the elliptic curve shared key to obtain first intermediate state data includes: and performing elliptic curve scalar multiplication on the first identification data set based on the elliptic curve shared key, and extracting hash values of the ordinate to obtain first intermediate state data.

Optionally, homomorphic public key is adopted to homomorphic encrypt the first intermediate state data to obtain first encrypted data, which includes: mapping the first intermediate state data into a hash table by adopting a preset hash function based on a cuckoo hash algorithm; and encrypting the first intermediate state data in the hash table by adopting the homomorphic public key to obtain first encrypted data.

According to a second aspect of the present disclosure, there is provided a cloud-based privacy computing method, the method being applicable to an initiator, the initiator holding a first identification dataset, the method comprising: determining, with the second partner, an elliptic curve shared key based on the predetermined elliptic curve parameters; the second partner holds a third identification data set and a characteristic data set corresponding to the third identification data set; performing elliptic curve scalar multiplication on the first identification data set based on the elliptic curve shared key to obtain third intermediate state data and a characteristic encryption key; homomorphic encryption is carried out on the third intermediate state data by adopting a homomorphic public key, so as to obtain third encrypted data; providing third encrypted data to the cloud end, so that the cloud end calculates a zero-change polynomial based on the fourth intermediate state data, calculates an interpolation polynomial based on the fourth intermediate state data and the fourth encrypted data, calculates the third encrypted data in the zero-change polynomial to obtain fifth encrypted data, and calculates the third encrypted data in the interpolation polynomial to obtain sixth encrypted data; the fourth encrypted data is obtained by encrypting the characteristic data set by the second partner based on the characteristic encryption key, and the fourth intermediate state data and the characteristic encryption key are obtained by performing elliptic curve scalar multiplication on the third identification data set by the second partner based on the elliptic curve shared key; and obtaining fifth encrypted data and sixth encrypted data from the cloud, decrypting the fifth encrypted data based on the homomorphic private key, determining a second intersection containing coincident elements between the first identification data set and the third identification data set, decrypting the sixth encrypted data based on the characteristic encryption key, and determining a characteristic data set corresponding to the second intersection.

Optionally, performing elliptic curve scalar multiplication on the first identification data set based on the elliptic curve shared key to obtain third intermediate state data and the feature encryption key, including: performing elliptic curve scalar multiplication on the first identification data set based on the elliptic curve shared key and extracting a hash value of the ordinate; and cutting each hash value to respectively determine third intermediate state data and a characteristic encryption key.

According to a third aspect of the present disclosure, there is provided a cloud-based privacy computing device that may be applied to an initiator holding a first set of identification data, the device may include: an elliptic shared key module for determining an elliptic curve shared key with the first partner based on predetermined elliptic curve parameters; the first partner holds a second identification data set; the intermediate state calculation module is used for executing elliptic curve scalar multiplication on the first identification data set based on the elliptic curve shared secret key to obtain first intermediate state data; the homomorphic encryption module is used for homomorphic encrypting the first intermediate-state data by adopting a homomorphic public key to obtain first encrypted data; the transmission module is used for sending the first encrypted data to the cloud so that the cloud calculates a zero-change polynomial based on the second intermediate state data and determines second encrypted data calculated by the first encrypted data in the zero-change polynomial; the second intermediate state data is obtained by the first partner performing elliptic curve scalar multiplication on the second identification data set based on the elliptic curve shared key and is provided for the cloud; and the decryption module is used for obtaining second encrypted data from the cloud and decrypting the second encrypted data based on the homomorphic private key to determine a first intersection containing coincident elements between the first identification data set and the second identification data set.

Optionally, the elliptic shared key module is specifically configured to generate a first private key, and calculate to obtain a first public key based on a predetermined elliptic curve parameter and the first private key; providing a first public key for the first partner, and obtaining a second public key from the first partner, wherein the second public key is obtained by the first partner based on the second private key and a preset elliptic curve parameter, and the second private key is generated by the first partner; an elliptic curve shared key is calculated based on the first private key and the second public key.

Optionally, the apparatus may further comprise a SIMD encoding module for encoding the first encrypted data using SIMD techniques.

Optionally, the intermediate state calculating module is specifically configured to perform elliptic curve scalar multiplication on the first identification data set based on the elliptic curve shared key, and extract a hash value of an ordinate to obtain the first intermediate state data.

Optionally, the homomorphic encryption module is used for mapping the first intermediate state data into a hash table by adopting a predetermined hash function based on a cuckoo hash algorithm; and encrypting the first intermediate state data in the hash table by adopting the homomorphic public key to obtain first encrypted data.

According to a fourth aspect of the present disclosure, there is provided a cloud-based privacy computing device that may be applied to an initiator holding a first identification dataset, the device may include: an elliptic shared key module for determining an elliptic curve shared key with the second partner based on predetermined elliptic curve parameters; the second partner holds a third identification data set and a characteristic data set corresponding to the third identification data set; the intermediate state calculation module is used for executing elliptic curve scalar multiplication on the first identification data set based on the elliptic curve shared key to obtain third intermediate state data and a characteristic encryption key; the homomorphic encryption module is used for homomorphic encrypting the third intermediate-state data by adopting a homomorphic public key to obtain third encrypted data; the transmission module is used for providing third encrypted data for the cloud end so that the cloud end calculates a zero-change polynomial based on the fourth intermediate state data, calculates an interpolation polynomial based on the fourth intermediate state data and the fourth encrypted data, and determines fifth encrypted data calculated by the third encrypted data in the zero-change polynomial and sixth encrypted data calculated by the interpolation polynomial; the fourth encrypted data is obtained by encrypting the characteristic data set by the second partner based on the characteristic encryption key, and the fourth intermediate state data and the characteristic encryption key are obtained by performing elliptic curve scalar multiplication on the third identification data set by the second partner based on the elliptic curve shared key; the decryption module is used for obtaining fifth encrypted data and sixth encrypted data from the cloud, decrypting the fifth encrypted data based on the homomorphic private key, determining a second intersection containing coincident elements between the first identification data set and the third identification data set, decrypting the sixth encrypted data based on the characteristic encryption key, and determining a characteristic data set corresponding to the second intersection.

Optionally, the intermediate state computing module is specifically configured to perform elliptic curve scalar multiplication on the first identification data set based on the elliptic curve shared key, and extract a hash value of the ordinate; and cutting each hash value to respectively determine third intermediate state data and a characteristic encryption key.

According to a fifth aspect of the present disclosure, there is provided an electronic device comprising:

A processor; and

A memory for storing a computer program of the processor;

Wherein the processor is configured to implement the cloud-based privacy calculation method as any of the first aspect, the second aspect, via execution of the computer program.

According to a sixth aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the cloud-based privacy calculation method of any of the first and second aspects.

According to a seventh aspect of the present disclosure, there is provided a computer program product, which when run on an electronic device, causes the electronic device to perform a cloud-based privacy calculation method as implementing any of the first and second aspects.

According to the cloud-based privacy computing method, an initiator and a first partner can locally perform pre-computation, an elliptic curve shared key is determined based on a preset elliptic curve parameter, so that elliptic curve scalar multiplication is respectively performed on a first identification data set and a second identification data set which are held by the initiator and the first partner, and corresponding first intermediate state data and second intermediate state data are obtained; the initiator homomorphic encrypts the first intermediate state data and then uploads the first encrypted data to the cloud end, and the first partner uploads the second intermediate state data to the cloud end, so that the cloud end calculates a zero-degree polynomial based on the second intermediate state data and substitutes the zero-degree polynomial into the first encrypted data to perform polynomial calculation to obtain the second encrypted data, and the initiator obtains the second encrypted data and then decrypts the second encrypted data to obtain the first intersection. In the method, the initiator and the partner carry out elliptic curve scalar multiplication processing on the local identification data set by using an elliptic curve shared key, so that the local identification data set is difficult to carry out inverse calculation, and the private information of the partner is prevented from being revealed to the cloud and the initiator on the basis of not influencing subsequent calculation; and a large number of complex polynomial computing tasks are hosted for cloud execution, so that the cloud computing can be performed more efficiently on a larger scale, and data products of privacy computation do not need to be deployed and maintained locally on each participant, thereby effectively reducing the application cost and improving the computing efficiency and flexibility.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.

Drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure. It will be apparent to those of ordinary skill in the art that the drawings in the following description are merely examples of the disclosure and that other drawings may be derived from them without undue effort.

Fig. 1 is a flowchart illustrating steps of a cloud-based privacy calculation method according to an embodiment of the present disclosure.

Fig. 2 is a second flowchart of a step of a cloud-based privacy calculation method according to an embodiment of the disclosure.

Fig. 3 is one of the interaction flow diagrams of the cloud-based privacy calculation method according to the embodiment of the disclosure.

Fig. 4 is a third flowchart of a step of a cloud-based privacy calculation method according to an embodiment of the present disclosure.

Fig. 5 is a second schematic interaction flow diagram of a cloud-based privacy computing method according to an embodiment of the disclosure.

Fig. 6 is a block diagram of a privacy computing device based on cloud according to an embodiment of the disclosure.

Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.

Detailed Description

Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments may be embodied in many forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the present disclosure. However, those skilled in the art will recognize that the aspects of the present disclosure may be practiced with one or more of the specific details, or with other methods, components, devices, steps, etc. In other instances, well-known technical solutions have not been shown or described in detail to avoid obscuring aspects of the present disclosure.

Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in software or in one or more hardware modules or integrated circuits or in different networks and/or processor devices and/or microcontroller devices.

It should be noted that, the data obtained in the present disclosure, including the data such as the identification data set and the feature data set, are all accessed, collected, stored and applied to the subsequent analysis processing under the condition that the user or the party to which the related data belongs agrees and authorizes after explicitly informing the user or the party to which the related data belongs of the information such as the collection content, the data use, the processing mode and the like of the data, and the method of accessing, correcting and deleting the data can be sent to the user or the party to which the related data belongs.

In the embodiment of the disclosure, privacy calculation refers to the process of data transmission, processing and calculation among different parties under the condition of ensuring data security and avoiding privacy disclosure. The data may be made available invisible when ownership, management and usage rights of the privacy information are separated. When the method is implemented based on the cloud, the method and the device enable the cloud to perform the secret state calculation on the data held by the participants under the condition that the data in the clear text is invisible through a mode of separating ownership and use rights of the privacy information, so that the safety of the privacy calculation is ensured. A person skilled in the art can realize different applications in the privacy computing field based on the scheme according to actual requirements, for example, under the coordination of a cloud, computing tasks such as privacy collection interaction, trace hiding query and the like among the participants can be completed.

Taking privacy set intersection (PRIVATE SET Intersection, PSI) as an example, PSI is typically used to calculate intersections of data held between different parties without exposing information local to the parties other than the intersections. When the initiator and the first partner perform privacy set intersection, the cloud-based privacy calculation method can be adopted. Specifically, taking an intersection between a first identification data set of an initiator and a second identification data set of a first partner as an example, fig. 1 is one of step flowcharts of a cloud-based privacy calculation method provided in an embodiment of the disclosure, the method may be applied to an initiator, where the initiator holds the first identification data set.

Step 101, determining an elliptic curve shared key with a first partner based on a predetermined elliptic curve parameter; the first partner holds a second set of identification data.

In the embodiment of the disclosure, the first partner may hold the second identification data set, and at this time, the initiator may initiate a private collection intersection to the second partner based on the held first identification data set, for example, the bank holds the identity set 1 of the depositor, and the transaction platform holds the identity set 2 of the buyer, so that the bank may initiate a private collection intersection to the transaction platform to determine the identity intersection of the transaction record existing at the transaction platform and having the deposit at the bank.

In an embodiment of the disclosure, when the privacy calculation based on the cloud end is performed on the privacy set, the calculation process may include local pre-calculation and cloud end calculation. The initiator and the first partner may perform preprocessing on the local identification data set in the local pre-calculation, where the preprocessing may include, for example, one-way functionalization to increase difficulty of reverse cracking, privacy desensitization to avoid other parties from obtaining privacy information from the calculation result, and the like. In an alternative embodiment, the process may be performed using the ECDH key Exchange (Elliptic Curve Diffie-HELLMAN KEY Exchange) protocol, which builds on a discrete logarithmic problem, i.e. based on a point P on a given elliptic curve, and an integer K, where q=kp is easily found, and solving K by Q, P is a problem. Specifically, the initiator and the first partner may negotiate with predetermined elliptic curve parameters, and calculate the elliptic curve shared key of the two parties without a shared secret. One skilled in the art may also construct one-way functions based on key exchange protocols constructed from other mathematical difficulties, without affecting subsequent computations, to protect data security in the process of hosting private computations to the cloud, such as RSA encryption algorithms based on the majority decomposition problem, etc.

Step 102, elliptic curve scalar multiplication is performed on the first identification data set based on the elliptic curve shared key, and first intermediate state data is obtained.

In the embodiment of the disclosure, after the initiator and the first partner respectively determine the elliptic curve sharing key, the initiator may perform elliptic curve scalar multiplication on the first identification data set based on the elliptic curve sharing key, that is, calculate the KP, to obtain first intermediate state data based on the first identification data set. In an alternative embodiment, the elliptic curve scalar multiplication may be binary scalar multiplication, window scalar multiplication, etc., and may be selected according to different demands of computational efficiency, computational effort overhead, etc. in practical applications.

Step 103, homomorphic encryption is carried out on the first intermediate state data by adopting a homomorphic public key, and first encrypted data are obtained.

In the embodiment of the disclosure, the initiator may further perform homomorphic encryption on the first intermediate-state data by adopting a homomorphic public key. The homomorphic public key can be generated by the initiator and the homomorphic private key together, the security of the first intermediate state data encrypted by the homomorphic public key is further improved, and the cloud can also carry out subsequent homomorphic operation based on the characteristics of ciphertext in homomorphic encryption. The initiator may select homomorphic encryption algorithms that are suitable for different requirements of data characteristics, computational efficiency, computational effort overhead, and the like, which are not particularly limited by the disclosed embodiments.

Step 104, sending the first encrypted data to the cloud so that the cloud calculates a zero-change polynomial based on the second intermediate state data, and calculates the first encrypted data in the zero-change polynomial to obtain second encrypted data; the second intermediate state data is obtained by the first partner performing elliptic curve scalar multiplication on the second identification data set based on the elliptic curve shared key and provided to the cloud.

In the embodiment of the disclosure, the initiator may send the first encrypted data obtained after the elliptic scalar multiplication and homomorphic encryption processing to the cloud, and the cloud may also receive the second intermediate state data of the first partner after the elliptic scalar multiplication processing. Based on the first encrypted data and the second intermediate state data, the cloud end can calculate ciphertext and plaintext in a homomorphic encrypted state, so that second encrypted data which can represent an overlapping part between the first identification data set and the second identification data set in the ciphertext state is obtained. For example, the cloud may perform coefficient calculation of a zeroing polynomial on the second intermediate state data, and substitute the first encrypted data into the zeroing polynomial, thereby obtaining the second encrypted data.

In an alternative embodiment of the present disclosure, since the calculation of the higher-order power function in the homomorphic encryption process is also complicated and consumes high energy, a part of operations in the higher-order power operation, which do not involve plaintext information, may also be hosted to the cloud end for execution, for example, the initiator may perform a part of operations of the power function on the first intermediate-state data based on the homomorphic public key according to the requirement of actual calculation power overhead, and after uploading the homomorphic public key and the first encrypted data to the cloud end, the cloud end completes the remaining power function operations on the first encrypted data based on the homomorphic public key, so as to further improve the calculation efficiency.

Step 105, obtaining second encrypted data from the cloud, decrypting the second encrypted data based on the homomorphic private key, and determining a first intersection containing coincident elements between the first identification data set and the second identification data set.

In the embodiment of the disclosure, the initiator may acquire the second encrypted data returned by the cloud or download the second encrypted data from the cloud after the cloud determines the ciphertext calculation result, further decrypt the second encrypted data based on the homomorphic private key, and determine the superposition element of the first identification data set and the second identification data set based on the decryption result, further determine the first intersection, and the initiator cannot acquire the information of other elements except the superposition element in the second identification data set. If the initiator decrypts the plaintext result, then the element with the zero-ized polynomial calculation result of 0 in the first identification data set is marked into the first intersection as the coincident element, so that the privacy set intersection between the initiator and the first partner based on the cloud is realized.

Fig. 2 is a second flowchart of a step of a cloud-based privacy computing method according to an embodiment of the present disclosure, where the method may be applied to an initiator, and the initiator holds a first identification data set.

Step 201, a first private key is generated, and a first public key is obtained by calculation based on a predetermined elliptic curve parameter and the first private key.

In the embodiment of the disclosure, the predetermined elliptic curve parameter may refer to a base point of an elliptic curve, and in the process of the shared key negotiation, the initiator and the first partner use the same predetermined elliptic curve parameter, that is, select the same base point in the same finite field of the same elliptic curve. The base point may be predetermined by the initiator and the first partner, or may be issued by the cloud, which is not particularly limited in the embodiments of the present disclosure. When the shared key negotiation is started, the initiator can locally generate a first private key, the first private key can be a random integer, and the first public key held by the initiator is determined through calculation of a preset elliptic curve parameter and the first private key, so that the first public key can be seen to comprise the preset elliptic curve parameter and the first private key.

Step 202, providing a first public key to the first partner, and obtaining a second public key from the first partner, wherein the second public key is obtained by the first partner based on the second private key and a predetermined elliptic curve parameter, and the second private key is generated by the first partner. The first partner holds a second set of identification data.

Further, the initiator may provide the first public key to the first partner and obtain the second public key from the first partner, where the second public key is obtained by the first partner based on the second private key and the predetermined elliptic curve parameter, and the second private key is generated by the first partner, which may refer to the related description of the foregoing step 201, and is not repeated herein.

Step 203, calculating an elliptic curve shared key based on the first private key and the second public key.

In the embodiment of the disclosure, the initiator may calculate an elliptic curve shared key based on a first private key and a second public key, wherein the second public key includes a predetermined elliptic curve shared parameter and a second private key, and the elliptic curve shared key obtained by the initiator includes the first private key, the second private key and the predetermined elliptic curve parameter; and the first partner can also calculate the elliptic curve shared key based on the first public key and the second private key, wherein the first public key comprises the preset elliptic curve parameter and the first private key, and the elliptic curve shared key obtained by the first partner comprises the first private key, the second private key and the preset elliptic curve parameter. Thus, by shared key agreement, the initiator and the first partner obtain a consistent elliptic curve shared key without exchanging secrets.

Step 204, performing elliptic curve scalar multiplication on the first identification data set based on the elliptic curve shared key, and extracting a hash value of the ordinate to obtain first intermediate state data.

In the embodiment of the disclosure, the initiator may perform elliptic curve scalar multiplication on the first identification data set based on the elliptic curve shared key to obtain a point set based on the first identification data set, and extract a hash value of each point in the point set as first intermediate state data. On the basis of generating the one-way function, the privacy desensitization is further carried out by adopting the hash processing, so that the data security is better protected, wherein the hash value extraction can be carried out by adopting the BLAKE2 hash algorithm. Other hashing algorithms, such as MD5, may also be employed by those skilled in the art, and embodiments of the present disclosure are not particularly limited.

Step 205, mapping the first intermediate state data into a hash table by adopting a predetermined hash function based on a cuckoo hash algorithm.

Further, in order to solve the problem of hash collision, a cuckoo hash algorithm may be used to process the first intermediate state data, a predetermined hash function is used to calculate a bucket index of the first intermediate state data in the hash table, and the bucket index is inserted into a bucket corresponding to the hash table, so that the first intermediate state data is mapped into the hash table. The predetermined hash function may be selected according to the requirement of data processing, for example, the number of hash functions may be selected to be 2,3,4, 5, etc. for mapping.

Taking 3 hash functions as an example to execute a cuckoo hash algorithm, respectively calculating hash indexes for data m in first intermediate state data based on the 3 hash functions, and inserting m into an empty bucket with the minimum sequence number when the empty bucket exists in the sub-bucket pointed by the hash indexes; when all the sub-buckets pointed by the 3 hash indexes are not empty, randomly selecting one of the 3 sub-buckets, taking out the inserted data n from the sub-bucket, inserting m, and re-executing the inserting process by the taken n until each first intermediate state data is inserted into the sub-bucket and mapped into the hash table.

Step 206, encrypting the first intermediate state data in the hash table by adopting the homomorphic public key to obtain first encrypted data.

In the embodiment of the disclosure, step 206 may correspond to the related description of step 103, and is not repeated here.

Step 207, encoding the first encrypted data by single instruction multiple data SIMD technology.

In the embodiment of the disclosure, the first encrypted data may be encoded and packaged by adopting a SIMD technology, and the vector may be encoded into a polynomial by the chinese remainder theorem. The SIMD supports vectorized data parallel processing, and by establishing a mapping relation between a polynomial and a group of vectors, the addition and multiplication operation based on the Chinese remainder theorem polynomial can be equivalent to the corresponding addition and multiplication operation of the mapped vectors, so that one-time polynomial calculation can support calculation among a plurality of vectors to support parallelized homomorphic calculation.

Step 208, sending the first encrypted data to the cloud end, so that the cloud end calculates a zero-change polynomial based on the second intermediate state data, and calculates the first encrypted data in the zero-change polynomial to obtain second encrypted data; the second intermediate state data is obtained by the first partner performing elliptic curve scalar multiplication on the second identification data set based on the elliptic curve shared key and provided to the cloud.

In the embodiment of the disclosure, step 208 may correspond to the related description of step 104, and is not repeated here.

In order to support parallelization calculation, the cloud end can also adopt SIMD (single instruction multiple data) coding and packaging for the zeroing polynomial calculated based on the second intermediate state data, so that the cloud end can homomorphically calculate data on each hash index in the hash table in parallel.

In the embodiment of the disclosure, the cloud end can be a software platform adopting an application program virtualization technology, privacy calculation methods provided by the implementation of the disclosure are deployed, different participants are docked, privacy calculation among different participants can be assisted, calculation force expenditure is shared, and calculation efficiency is improved. For example, a SaaS (Software as a service) platform may be used as the cloud assisted privacy calculation, where the participant and the SaaS platform only share the right of use of data, and the SaaS platform cannot view or acquire plaintext data and other information of the participant while performing efficient and large-scale privacy calculation by using cloud high-performance computing resources, thereby ensuring privacy security.

Step 209, obtaining the second encrypted data from the cloud, and decrypting the second encrypted data based on the homomorphic private key to determine a first intersection containing the coincidence element between the first identification data set and the second identification data set.

In the embodiment of the present disclosure, step 209 may correspond to the related description of step 105, and is not repeated here.

Fig. 3 is one of the interaction flow diagrams of the cloud-based privacy computing method according to the embodiment of the present disclosure, and as shown in fig. 3, the method may be applied to the private collection interaction between the initiator and the first partner under the assistance of the cloud. The first identification data set x _A1 and the predetermined elliptic curve parameter G ₁ are held at the initiator and the second identification data set x _B1 and the predetermined elliptic curve parameter G ₁ are held at the first partner. Based on the foregoing description of steps 201 to 204, the interaction flow is as follows:

Step 301, a first private key d _A1 may be generated at the initiator, and a first public key H _A1＝d_A1G₁ is calculated based on G ₁、d_A1;

Similarly, step 302, a second private key d _B1 is generated at the first partner and a second public key H _B1＝d_B1G₁ is calculated based on G ₁、d_B1.

Step 303, the initiator may provide H _A1 to the first partner and obtain H _B1 of the first partner to calculate the elliptic curve shared key S ₁＝d_A1H_B1;

Similarly, in step 304, the first partner calculates an elliptic curve shared key S ₁＝d_B1H_A1.

Step 305, the initiator performs elliptic curve scalar multiplication on the basis of x _A1、S₁ to calculate x _A1S₁, and extracts a hash value of Blake2 on the ordinate to obtain first intermediate state data x' _A1;

similarly, in step 306, the first partner performs elliptic curve scalar multiplication on the basis of x _B1、S₁ to calculate x _B1S₁, and extracts the hash value of Blake2 on the ordinate to obtain the second intermediate state data x' _B1.

Step 307, the initiator further adopts a cuckoo hash algorithm to map x' _A1 into a hash table based on a hash function h ₁,h₂,h₃.

Step 308, the initiator generates a homomorphic public key and a homomorphic private key, encrypts x '_A1 in the hash table by adopting the homomorphic public key to obtain first encrypted data [ x' _A1 ], and packages the first encrypted data by SIMD (Single instruction multiple data) encoding.

After the initiator and the first partner perform local pre-calculation, the [ x '_A1]、x′_B1 can be uploaded to the cloud, and the cloud can read the [ x' _A1]、x′_B1 to perform homomorphic encryption privacy set intersection calculation. The cloud may process x' _B1.

As shown in step 309, x '_B1 is mapped to the hash table using the hash function h ₁,h₂,h₃ applied by the initiator, and the coefficients of the zeroing polynomial are calculated for x' _B1 of each sub-bucket in the hash table, which may be packed using SIMD encoding.

Further, in step 310, the cloud may substitute [ x '_A1 ] into the zeroing polynomial generated by x' _B1 to perform homomorphism calculation in each sub-bucket, so as to obtain the second encrypted data [ r _A1 ].

The [ r _A1 ] includes ciphertext of 0 or random number, and each ciphertext corresponds to the [ x' _A1 ] position one-to-one.

Step 311, the initiator may download [ r _A1 ] from the cloud, decrypt [ r _A1 ] based on the homomorphic private key, and obtain a plaintext result r _A1, if the ith plaintext result r _Ali =0, the corresponding x _Ali is in the first intersection x _C; otherwise, not. All elements x _Ali with r _Ali =0 are determined to constitute a first intersection x _C.

According to the cloud-based privacy computing method, an initiator and a first partner can locally perform pre-computation, an elliptic curve shared key is determined based on a preset elliptic curve parameter, so that elliptic curve scalar multiplication is performed on a first identification data set and a second identification data set which are respectively held, and corresponding first intermediate state data and second intermediate state data are obtained; the initiator homomorphic encrypts the first intermediate state data and then uploads the first encrypted data to the cloud end, and the first partner uploads the second intermediate state data to the cloud end, so that the cloud end calculates a zero-degree polynomial based on the second intermediate state data and substitutes the zero-degree polynomial into the first encrypted data to perform polynomial calculation to obtain the second encrypted data, and the initiator obtains the second encrypted data and then decrypts the second encrypted data to obtain the first intersection. In the method, the initiator and the partner carry out elliptic curve scalar multiplication processing on the local identification data set by using an elliptic curve shared key, so that the local identification data set is difficult to carry out inverse calculation, and the private information of the partner is prevented from being revealed to the cloud and the initiator on the basis of not influencing subsequent calculation; and a large number of complex polynomial computing tasks are hosted for cloud execution, so that the cloud computing can be performed more efficiently on a larger scale, and data products of privacy computation do not need to be deployed and maintained locally on each participant, thereby effectively reducing the application cost and improving the computing efficiency and flexibility.

Taking Private information retrieval (Private InformationRetrieval, PIR), i.e., a hidden query as an example, PIR is typically used to protect the privacy of the parties during the query so that the queried party can only determine that the query task is coming without knowing the query party's specific query request. Specifically, taking an example that the initiator queries the second partner for the corresponding feature data set based on the first identification data set, fig. 4 is a third step flowchart of a cloud-based privacy calculation method according to an embodiment of the present disclosure, where the method may be applied to an initiator, and the initiator holds the first identification data set.

Step 401, determining an elliptic curve shared key by the second partner based on a predetermined elliptic curve parameter; the second partner holds a third identification data set and a feature data set corresponding to the third identification data set.

In the embodiment of the disclosure, the second partner may hold the third identification data set and the feature data set corresponding to the third identification data set, and at this time, the initiator may initiate a query to the second partner based on the held first identification data set to determine a feature data set corresponding to an intersection between the first identification data set and the third identification data set, such as an identity set 1 of a bank holding a depositor, an identity set 2 of a transaction platform holding a buyer, and a transaction time data set corresponding to the identity set 2, and the bank may initiate a trace query to the transaction platform to determine a transaction time corresponding to a user having a deposit at the bank and a transaction record at the transaction platform.

In the embodiment of the disclosure, the negotiation of the initiator and the second partner to obtain the elliptic curve shared key may refer to the foregoing step 101 correspondingly, and the negotiation of the initiator and the first partner to obtain the elliptic curve shared key in the steps 201 to 203 is described in detail herein, so that repetition is avoided.

Step 402, executing elliptic curve scalar multiplication on the first identification data set based on the elliptic curve shared key to obtain third intermediate state data and a characteristic encryption key.

In the disclosed embodiment, after determining that the elliptic curve shared key performs computation of elliptic curve scalar multiplication on the first identification data set, the initiator may extract two parts of data based on the obtained point set, where the extracted third intermediate state data is used for subsequent computation, the extracted feature encryption key is used for symmetric feature encryption of the feature data set by the second partner, and the initiator retains the feature encryption key so as to decrypt ciphertext of the feature data subsequently.

In an alternative method embodiment of the present disclosure, step 402 may include steps A1 through A2 as follows.

And A1, performing elliptic curve scalar multiplication on the first identification data set based on the elliptic curve shared key, and extracting a hash value of an ordinate.

In the embodiment of the disclosure, the step A1 may correspond to the related description of the step 204, and is not repeated here for avoiding repetition.

And A2, cutting each hash value, and respectively determining third intermediate state data and a characteristic encryption key.

In the embodiment of the disclosure, on the basis of extracting the hash values of the ordinate, each hash value may be split, and a part of split data is used as third intermediate state data to participate in subsequent computation, and another part is used as a feature encryption key of the feature data set. For example, taking a hash value of 256 bits as an example, each hash value may be split into a first 128 bits and a second 128 bits, where the first 128 bits are used as third intermediate data and the second 128 bits are used as the feature encryption key.

And 403, homomorphic encryption is carried out on the third intermediate state data by adopting a homomorphic public key, so as to obtain third encrypted data.

In the embodiment of the disclosure, the homomorphic public key is used to homomorphic encrypt the third intermediate data in step 403, which corresponds to the description of encrypting the first intermediate data in step 103, and is not repeated here.

In the embodiment of the disclosure, the initiator and the second partner can respectively calculate the characteristic encryption locally based on a common key negotiation algorithm. Taking the ECDH algorithm as an example, since both sides use a common ECDH public key for calculation, the feature encryption keys respectively extracted for both sides of the same ordinate are the same. And the second partner encrypts the feature data set based on the feature encryption key, and the obtained fourth encrypted data is provided by the cloud end of the second partner, so that the cloud end can perform subsequent complex calculation. When the cloud provides the hidden trace query result to the initiator, the initiator can correctly decrypt the feature encryption key calculated by the intersection based on the local and obtain the query result of the plaintext.

Step 404, providing third encrypted data to the cloud end, so that the cloud end calculates a zeroing polynomial based on the fourth intermediate state data, calculates an interpolation polynomial based on the fourth intermediate state data and the fourth encrypted data, calculates the third encrypted data in the zeroing polynomial to obtain fifth encrypted data, and calculates the third encrypted data in the interpolation polynomial to obtain sixth encrypted data; the fourth encrypted data is obtained by encrypting the feature data set by the second partner based on the feature encryption key, and the fourth intermediate data and the feature encryption key are obtained by the second partner performing elliptic curve scalar multiplication on the third identification data set based on the elliptic curve shared key.

In this embodiment of the disclosure, similarly referring to the foregoing step A2, when the second partner obtains the fourth intermediate state data, the second partner may perform elliptic curve scalar multiplication on the third identification data set based on the elliptic curve shared key, and extract the number of bits corresponding to the third intermediate state data from the hash value on the ordinate as the fourth intermediate state data, and the feature encryption key.

In the embodiment of the disclosure, the cloud end calculates the zeroing polynomial based on the fourth intermediate state data, and calculates the third encrypted data in the zeroing polynomial to obtain the fifth encrypted data, which may correspond to the related description of calculating the second encrypted data with reference to the step 103, so that the description is omitted herein for avoiding repetition.

Furthermore, the cloud end can calculate an interpolation polynomial based on fourth intermediate state data and fourth encrypted data, wherein the fourth intermediate state data is obtained by the third identification data set, and the fourth encrypted data is obtained by encrypting the characteristic data set corresponding to the third identification data set, so that the fourth intermediate state data and the fourth encrypted data can also form a point set of a corresponding relation, and the interpolation polynomial can be generated based on the point set. In the interpolation polynomial, when the independent variable is the same as the identification data, the result of the polynomial is the characteristic data corresponding to the identification data. The calculation interpolation polynomial can adopt Newton interpolation method, and the difference quotient concept is introduced to ensure that the calculation is not needed to be globally calculated again when the nodes are increased, so that the calculation force cost is reduced.

Step 405, obtain fifth encrypted data and sixth encrypted data from the cloud, decrypt the fifth encrypted data based on the homomorphic private key, determine a second intersection containing the coincidence element between the first identification data set and the third identification data set, decrypt the sixth encrypted data based on the feature encryption key, and determine a feature data set corresponding to the second intersection.

In the embodiment of the disclosure, the initiator may obtain fifth encrypted data and sixth encrypted data from the cloud, wherein the initiator may decrypt, with reference to the description of the second encrypted data in step 105, a plaintext result indicating that the plaintext result includes a coincidence element between the first identification data set and the third identification data set based on the homomorphic private key, and extract the second intersection from the first identification data set according to the plaintext result; similarly, the sixth encrypted data includes feature data corresponding to the coincidence element between the first identification data set and the third identification data set, so that the feature encryption key corresponding to the second intersection is adopted to symmetrically decrypt the sixth encrypted data corresponding to the second intersection, and the feature data set corresponding to the second intersection is obtained. The initiator cannot learn the identification data except the second intersection in the third identification data and the feature data set corresponding to the identification data except the second intersection by determining the second intersection and the feature data set corresponding to the second intersection.

Fig. 5 is a second schematic diagram of an interaction flow of a cloud-based privacy computing method according to an embodiment of the present disclosure, and as shown in fig. 5, the method may be applied to a trace query between an initiator and a second partner under the assistance of a cloud. The first identification data set x _A2 and the predetermined elliptic curve parameter G ₂ are held at the initiator, and the third identification data set x _D, the predetermined elliptic curve parameter G ₂, and the characteristic data set y corresponding to x _D are held at the second partner. The cloud-based trace query interaction flow may be as follows:

step 501, the initiator may generate a first private key d _A2 and calculate a first public key H _A2＝d_A2G₂ based on G ₂、d_A;

Similarly, step 502, a second private key d _B2 is generated at the second partner and a second public key H _B2＝d_B2G₂ is calculated based on G ₂、d_B2.

Step 503, the initiator may provide H _A2 to the second partner and obtain H _B2 of the second partner to calculate the elliptic curve shared key S ₂＝d_A2H_B2;

Similarly, step 504, the second partner computes an elliptic curve shared key S ₂＝d_B2H_A2.

In step 505, the initiator performs elliptic curve scalar multiplication on the basis of x _A2、S₂ to calculate x _A2S₂, extracts a hash value of Blake2 on the ordinate, and uses the first 128 bits of the hash value of Blake2 as the third intermediate state data x' _A2 and the last 128 bits as the characteristic encryption key M.

Similarly, in step 506, the second partner performs elliptic curve scalar multiplication on the basis of x _D、S₂ to calculate x _DS₂, extracts the hash value of Blake2 on the ordinate, uses the first 128 bits of the hash value of Blake2 as the fourth intermediate state data x' _D, and uses the last 128 bits as the feature encryption key M.

Wherein, the characteristic encryption key M of the coincident element in the x '_A2 and the x' _D between the initiator and the second partner is the same.

Step 507, the initiator further adopts a cuckoo hash algorithm to map x' _A2 into the hash table based on the hash function h ₁,h₂,h₃.

Step 508, the initiator generates homomorphic public key and homomorphic private key, encrypts x '_A2 in the hash table by adopting the homomorphic public key to obtain third encrypted data [ x' _A2 ], and packages the third encrypted data by SIMD (Single instruction multiple data) encoding.

Step 509, the second partner encrypts y with M to obtain fourth encrypted data y'

After the local pre-calculation of the initiator and the second partner, the [ x '_A2]、x′_D and the y' can be respectively uploaded to the cloud, and the cloud can read the [ x '_A2]、x′_D and the y' to carry out homomorphic encryption hidden trace query calculation. The cloud may process x ' _D, for example, in step 510, map x ' _D to the hash table by using the hash function h ₁,h₂,h₃ applied by the initiator, and perform coefficient calculation of the zero-ized polynomial on x ' _D of each sub-bucket in the hash table, which may use SIMD encoding and packing; and, a hash table may be further constructed with reference to the insertion position of the foregoing x '_D in the hash table, and y' may be mapped to a position corresponding to the corresponding x '_D in another Zhang Haxi table by using the hash function h ₁,h₂,h₃ applied by the foregoing initiator, and the coefficient calculation of the interpolation polynomial may be performed on y' of each bucket in the hash table, which may be packed by SIMD encoding. Therefore, the insertion positions of x '_D and y' in the two hash tables are in one-to-one correspondence, and the zero-change polynomial is in one-to-one correspondence with the interpolation polynomial in subsequent calculation, so that correct characteristic data can be decrypted under the condition of determining an intersection.

Further, in step 511, the cloud may substitute [ x '_A2 ] into the zeroing polynomial generated by x' _D to perform homomorphism calculation in each sub-bin to obtain the fifth encrypted data [ r _A2 ], and substitute [ x '_A2 ] into the newton difference polynomial generated by y' to perform homomorphism calculation to obtain the sixth encrypted data [ y″ ].

The [ r _A2 ] includes ciphertext of 0 or random number, and each ciphertext corresponds to the [ x' _A2 ] position one-to-one.

Step 512, the initiator may download [ r _A2 ], [ y ] from the cloud, decrypt [ r _A2 ] based on the homomorphic private key, obtain a plaintext result r _A2, and if the ith plaintext result r _A2i =0, the corresponding x _A2i is in the second intersection x _E; otherwise, determining that all elements x _A2i with r _A2i =0 form a second intersection x _E; and decrypting the [ y '] corresponding to x _E2 based on the characteristic encryption key M corresponding to x _E to obtain a characteristic data set y' corresponding to x _E2.

According to the cloud-based privacy computing method, an initiator and a second partner can locally perform pre-computation, an elliptic curve shared key is determined based on a preset elliptic curve parameter so as to execute elliptic curve scalar multiplication on a first identification data set and a third identification data set respectively held by the initiator, the initiator obtains third intermediate state data and a characteristic encryption key, and the second partner obtains fourth intermediate state data and a characteristic encryption key; the initiator homomorphic encrypts third intermediate state data and then uploads the third encrypted data to the cloud end, and the second partner uploads fourth intermediate state data to the cloud end, so that the cloud end calculates a zero-ized polynomial based on the fourth intermediate state data and substitutes the zero-ized polynomial into the third encrypted data to calculate a polynomial to obtain fifth encrypted data, calculates an interpolation polynomial based on the fourth intermediate state data and the fourth encrypted data and substitutes the fourth intermediate state data into the third encrypted data to calculate the polynomial to obtain sixth encrypted data; the initiator obtains the fifth encrypted data and then decrypts the fifth encrypted data to obtain a second intersection, and obtains the characteristic data set corresponding to the second intersection after obtaining the sixth encrypted data. In the method, the initiator and the partner carry out elliptic curve scalar multiplication processing on the local identification data set by using an elliptic curve shared key, so that the local identification data set is difficult to carry out inverse calculation, and the private information of the partner is prevented from being revealed to the cloud and the initiator on the basis of not influencing subsequent calculation; and a large number of complex polynomial computing tasks are hosted for cloud execution, so that the cloud computing can be performed more efficiently on a larger scale, and data products of privacy computation do not need to be deployed and maintained locally on each participant, thereby effectively reducing the application cost and improving the computing efficiency and flexibility.

Fig. 6 also illustrates a cloud-based privacy computing device 600 provided by an embodiment of the present disclosure, where the device 600 may be applied to an initiator, and as illustrated in fig. 6, the device may include an elliptic shared key module 601, an intermediate state computing module 602, a homomorphic encryption module 603, a transmission module 604, and a decryption module 605.

In a privacy set-rendering application of the apparatus, the initiator holds a first set of identification data, the apparatus 600 may include: an elliptic shared key module 601 for determining an elliptic curve shared key with the first partner based on predetermined elliptic curve parameters; the first partner holds a second identification data set; an intermediate state calculation module 602, configured to perform elliptic curve scalar multiplication on the first identification data set based on the elliptic curve shared key to obtain first intermediate state data; the homomorphic encryption module 603 is configured to homomorphic encrypt the first intermediate-state data with a homomorphic public key to obtain first encrypted data; the transmission module 604 is configured to send the first encrypted data to the cloud end, so that the cloud end calculates a zeroing polynomial based on the second intermediate state data, and determines second encrypted data calculated by the first encrypted data in the zeroing polynomial; the second intermediate state data is obtained by the first partner performing elliptic curve scalar multiplication on the second identification data set based on the elliptic curve shared key and is provided for the cloud; the decryption module 605 is configured to obtain second encrypted data from the cloud end, and decrypt the second encrypted data based on the homomorphic private key to determine a first intersection containing a coincidence element between the first identification data set and the second identification data set.

In an optional apparatus embodiment of the disclosure, an elliptic shared key module 601 is specifically configured to generate a first private key, and calculate with the first private key based on a predetermined elliptic curve parameter to obtain a first public key; providing a first public key for the first partner, and obtaining a second public key from the first partner, wherein the second public key is obtained by the first partner based on the second private key and a preset elliptic curve parameter, and the second private key is generated by the first partner; an elliptic curve shared key is calculated based on the first private key and the second public key.

In an alternative apparatus embodiment of the present disclosure, the apparatus may further comprise a SIMD encoding module for encoding the first encrypted data using SIMD technology.

In an alternative embodiment of the present disclosure, the intermediate state calculating module 602 is specifically configured to perform elliptic curve scalar multiplication on the first identification data set based on the elliptic curve shared key, and extract a hash value of the ordinate to obtain the first intermediate state data.

In an optional device embodiment of the disclosure, the homomorphic encryption module 603 is configured to map the first intermediate state data into a hash table using a predetermined hash function based on a cuckoo hash algorithm; and encrypting the first intermediate state data in the hash table by adopting the homomorphic public key to obtain first encrypted data.

According to the cloud-based privacy computing device provided by the disclosure, an initiator and a first partner can locally perform pre-computation, an elliptic curve shared key is determined based on a predetermined elliptic curve parameter, so that elliptic curve scalar multiplication is performed on a first identification data set and a second identification data set which are respectively held, and corresponding first intermediate state data and second intermediate state data are obtained; the initiator homomorphic encrypts the first intermediate state data and then uploads the first encrypted data to the cloud end, and the first partner uploads the second intermediate state data to the cloud end, so that the cloud end calculates a zero-degree polynomial based on the second intermediate state data and substitutes the zero-degree polynomial into the first encrypted data to perform polynomial calculation to obtain the second encrypted data, and the initiator obtains the second encrypted data and then decrypts the second encrypted data to obtain the first intersection. In the method, the initiator and the partner carry out elliptic curve scalar multiplication processing on the local identification data set by using an elliptic curve shared key, so that the local identification data set is difficult to carry out inverse calculation, and the private information of the partner is prevented from being revealed to the cloud and the initiator on the basis of not influencing subsequent calculation; and a large number of complex polynomial computing tasks are hosted for cloud execution, so that the cloud computing can be performed more efficiently on a larger scale, and data products of privacy computation do not need to be deployed and maintained locally on each participant, thereby effectively reducing the application cost and improving the computing efficiency and flexibility.

In a track-hidden query application of the apparatus, the initiator holds a first set of identification data, the apparatus 600 may include: an elliptic shared key module 601 for determining an elliptic curve shared key with the second partner based on predetermined elliptic curve parameters; the second partner holds a third identification data set and a characteristic data set corresponding to the third identification data set; an intermediate state calculation module 602, configured to perform elliptic curve scalar multiplication on the first identification data set based on the elliptic curve shared key, to obtain third intermediate state data and a feature encryption key; the homomorphic encryption module 603 is configured to homomorphic encrypt the third intermediate data with a homomorphic public key to obtain third encrypted data; a transmission module 604, configured to provide third encrypted data to the cloud end, so that the cloud end calculates a zeroing polynomial based on the fourth intermediate state data, calculates an interpolation polynomial based on the fourth intermediate state data and the fourth encrypted data, and determines fifth encrypted data calculated by the third encrypted data in the zeroing polynomial, and sixth encrypted data calculated by the interpolation polynomial; the fourth intermediate state data is obtained by the second partner performing elliptic curve scalar multiplication on the third identification data set based on the elliptic curve shared key and is provided for the cloud; the decryption module 605 is configured to obtain fifth encrypted data and sixth encrypted data from the cloud end, decrypt the fifth encrypted data based on the homomorphic private key, determine a second intersection containing overlapping elements between the first identification data set and the third identification data set, decrypt the sixth encrypted data based on the feature encryption key, and determine a feature data set corresponding to the second intersection.

In an alternative embodiment of the apparatus of the present disclosure, the intermediate state calculating module 602 is specifically configured to perform elliptic curve scalar multiplication on the first identification data set based on the elliptic curve shared key, and extract a hash value of the ordinate; and cutting each hash value to respectively determine third intermediate state data and a characteristic encryption key.

It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.

Furthermore, although the steps of the methods in the present disclosure are depicted in a particular order in the drawings, this does not require or imply that the steps must be performed in that particular order, or that all illustrated steps be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform, etc.

From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, including several instructions to cause a computing device (may be a personal computer, a server, a mobile terminal, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.

In an exemplary embodiment of the present disclosure, an electronic device capable of implementing the above method is also provided.

Those skilled in the art will appreciate that the various aspects of the present disclosure may be implemented as a system, method, or program product. Accordingly, various aspects of the disclosure may be embodied in the following forms, namely: an entirely hardware embodiment, an entirely software embodiment (including firmware, micro-code, etc.) or an embodiment combining hardware and software aspects may be referred to herein as a "circuit," module "or" system.

An electronic device 700 according to such an embodiment of the present disclosure is described below with reference to fig. 7. The electronic device 700 shown in fig. 7 is merely an example and should not be construed to limit the functionality and scope of use of embodiments of the present disclosure in any way.

As shown in fig. 7, the electronic device 700 is embodied in the form of a general purpose computing device. Components of electronic device 700 may include, but are not limited to: the at least one processing unit 710, the at least one memory unit 720, and a bus 730 connecting the different system components, including the memory unit 720 and the processing unit 710.

Wherein the storage unit stores program code that is executable by the processing unit 710 such that the processing unit 710 performs steps according to various exemplary embodiments of the present disclosure described in the above-described "exemplary methods" section of the present specification.

The memory unit 720 may include readable media in the form of volatile memory units, such as Random Access Memory (RAM) 7201 and/or cache memory 7202, and may further include Read Only Memory (ROM) 7203.

The storage unit 720 may also include a program/utility 7204 having a set (at least one) of program modules 7205, such program modules 7205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.

Bus 730 may be a bus representing one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.

The electronic device 700 may also communicate with one or more external devices (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 700, and/or with any device (e.g., router, modem, etc.) that enables the electronic device 700 to communicate with one or more other computing devices. Such communication may occur through the display unit 740 and an input/output (I/O) interface 750 connected to the display unit 740. Also, electronic device 700 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet, through network adapter 760. As shown, network adapter 760 communicates with other modules of electronic device 700 over bus 730. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 700, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.

From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, including several instructions to cause a computing device (may be a personal computer, a server, a terminal device, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.

In an exemplary embodiment of the present disclosure, a computer-readable storage medium having stored thereon a program product capable of implementing the method described above in the present specification is also provided. In some possible implementations, various aspects of the disclosure may also be implemented in the form of a program product comprising program code for causing a terminal device to carry out the steps according to the various exemplary embodiments of the disclosure as described in the "exemplary methods" section of this specification, when the program product is run on the terminal device.

In an embodiment of the present disclosure, a program product for implementing the above method is also provided, which may employ a portable compact disc read-only memory (CD-ROM) and comprise program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present disclosure is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.

The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.

The computer readable signal medium may include a data signal propagated in baseband or as part of a carrier wave with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.

Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.

Program code for carrying out operations of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).

Furthermore, the above-described figures are only schematic illustrations of processes included in the method according to the exemplary embodiments of the present disclosure, and are not intended to be limiting. It will be readily appreciated that the processes shown in the above figures do not indicate or limit the temporal order of these processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, for example, among a plurality of modules.

Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This disclosure is intended to cover any adaptations, uses, or adaptations of the disclosure following the general principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

Claims

1. A cloud-based privacy computing method, the method being applied to an initiator, the initiator holding a first set of identification data, the method comprising:

Determining, with the first partner, an elliptic curve shared key based on the predetermined elliptic curve parameters; the first partner holds a second set of identification data;

Performing elliptic curve scalar multiplication on the first identification data set based on the elliptic curve shared key to obtain first intermediate state data;

Homomorphic encryption is carried out on the first intermediate state data by adopting a homomorphic public key, so as to obtain first encrypted data;

Sending the first encrypted data to a cloud end, so that the cloud end calculates a zero-change polynomial based on second intermediate state data, and calculates the first encrypted data in the zero-change polynomial to obtain second encrypted data; the second intermediate state data is obtained by the first partner performing elliptic curve scalar multiplication on a second identification data set based on the elliptic curve shared key and is provided to the cloud;

And obtaining the second encrypted data from the cloud, decrypting the second encrypted data based on a homomorphic private key, and determining a first intersection containing coincident elements between the first identification data set and the second identification data set.

2. The method of claim 1, wherein said determining, with the first partner, the elliptic curve shared key based on predetermined elliptic curve parameters comprises:

generating a first private key based on a preset elliptic curve parameter, and calculating to obtain a first public key based on the first private key;

providing a first public key for a first partner, and obtaining a second public key from the first partner, wherein the second public key is obtained by the first partner through calculation based on a second private key and the preset elliptic curve parameters, and the second private key is generated by the first partner;

The elliptic curve shared key is calculated based on the first private key and the second public key.

3. The method of claim 1, wherein before sending the first encrypted data to the cloud, further comprising:

The first encrypted data is encoded using single instruction multiple data SIMD techniques.

4. The method of claim 1, wherein the performing elliptic curve scalar multiplication on the first set of identification data based on the elliptic curve shared key to obtain first intermediate state data comprises:

And performing elliptic curve scalar multiplication on the first identification data set based on the elliptic curve shared key, and extracting hash values of ordinate to obtain first intermediate state data.

5. The method of claim 1, wherein homomorphic encrypting the first intermediate state data using a homomorphic public key to obtain first encrypted data comprises:

Mapping the first intermediate state data into a hash table by adopting a preset hash function based on a cuckoo hash algorithm;

And encrypting the first intermediate state data in the hash table by adopting the homomorphic public key to obtain the first encrypted data.

6. A cloud-based privacy computing method, the method being applied to an initiator, the initiator holding a first set of identification data, the method comprising:

determining, with the second partner, an elliptic curve shared key based on the predetermined elliptic curve parameters; the second partner holds a third identification data set and a characteristic data set corresponding to the third identification data set;

Performing elliptic curve scalar multiplication on the first identification data set based on the elliptic curve shared key to obtain third intermediate state data and a characteristic encryption key;

homomorphic encryption is carried out on the third intermediate state data by adopting a homomorphic public key, so as to obtain third encrypted data;

Providing the third encrypted data to the cloud end, so that the cloud end calculates a zero-ized polynomial based on fourth intermediate state data, calculates an interpolation polynomial based on the fourth intermediate state data and fourth encrypted data, calculates the third encrypted data in the zero-ized polynomial to obtain fifth encrypted data, and calculates the third encrypted data in the interpolation polynomial to obtain sixth encrypted data; the fourth encrypted data is obtained by the second partner encrypting the characteristic data set based on a characteristic encryption key, and the fourth intermediate state data and the characteristic encryption key are obtained by the second partner performing elliptic curve scalar multiplication on a third identification data set based on the elliptic curve shared key;

And obtaining the fifth encrypted data and the sixth encrypted data from the cloud, decrypting the fifth encrypted data based on a homomorphic private key, determining a second intersection containing coincident elements between the first identification data set and the third identification data set, decrypting the sixth encrypted data based on the characteristic encryption key, and determining a characteristic data set corresponding to the second intersection.

7. The method of claim 6, wherein performing elliptic curve scalar multiplication on the first set of identification data based on the elliptic curve shared key to obtain third intermediate state data and a characteristic encryption key comprises:

Performing elliptic curve scalar multiplication on the first identification data set and extracting hash values of an ordinate;

And cutting each hash value to respectively determine the third intermediate state data and the characteristic encryption key.

8. A cloud-based privacy computing device, the device being applied to an initiator, the initiator holding a first set of identification data, the device comprising:

An elliptic shared key module for determining an elliptic curve shared key with the first partner based on predetermined elliptic curve parameters; the first partner holds a second set of identification data;

An intermediate state calculation module, configured to perform elliptic curve scalar multiplication on the first identification data set based on the elliptic curve shared key, to obtain first intermediate state data;

The homomorphic encryption module is used for homomorphic encrypting the first intermediate-state data by adopting a homomorphic public key to obtain first encrypted data;

The transmission module is used for sending the first encrypted data to the cloud so that the cloud calculates a zero-change polynomial based on the second intermediate state data and determines second encrypted data calculated by the first encrypted data in the zero-change polynomial; the second intermediate state data is obtained by the first partner performing elliptic curve scalar multiplication on a second identification data set based on the elliptic curve shared key and is provided to the cloud;

And the decryption module is used for obtaining the second encrypted data from the cloud and decrypting the second encrypted data based on a homomorphic private key to determine a first intersection containing coincident elements between the first identification data set and the second identification data set.

9. A cloud-based privacy computing device, the device being applied to an initiator, the initiator holding a first set of identification data, the device comprising:

An elliptic shared key module for determining an elliptic curve shared key with the second partner based on predetermined elliptic curve parameters; the second partner holds a third identification data set and a characteristic data set corresponding to the third identification data set;

the intermediate state calculation module is used for executing elliptic curve scalar multiplication on the first identification data set based on the elliptic curve shared key to obtain third intermediate state data and a characteristic encryption key;

the homomorphic encryption module is used for homomorphic encryption of the third intermediate-state data by adopting a homomorphic public key to obtain third encrypted data;

the transmission module is used for providing the third encrypted data to the cloud end so that the cloud end calculates a zero-change polynomial based on fourth intermediate state data, calculates an interpolation polynomial based on the fourth intermediate state data and the fourth encrypted data, and determines fifth encrypted data calculated by the third encrypted data in the zero-change polynomial and sixth encrypted data calculated by the interpolation polynomial; the fourth encrypted data is obtained by the second partner encrypting the characteristic data set based on a characteristic encryption key, and the fourth intermediate state data and the characteristic encryption key are obtained by the second partner performing elliptic curve scalar multiplication on a third identification data set based on the elliptic curve shared key;

The decryption module is configured to obtain the fifth encrypted data and the sixth encrypted data from the cloud, decrypt the fifth encrypted data based on a homomorphic private key, determine a second intersection containing a coincidence element between the first identification data set and the third identification data set, decrypt the sixth encrypted data based on the feature encryption key, and determine a feature data set corresponding to the second intersection.

10. An electronic device, comprising:

A processor; and

A memory for storing a computer program of the processor;

Wherein the processor is configured to perform the cloud-based privacy calculation method of any of claims 1 to 7 via execution of the computer program.

11. A computer readable medium having a computer program stored thereon, which when executed by a processor implements the cloud-based privacy calculation method of any of claims 1 to 7.