[go: up one dir, main page]

CN109525386B - Paillier homomorphic encryption private aggregation and method based on Paillier - Google Patents

Paillier homomorphic encryption private aggregation and method based on Paillier Download PDF

Info

Publication number
CN109525386B
CN109525386B CN201811442107.6A CN201811442107A CN109525386B CN 109525386 B CN109525386 B CN 109525386B CN 201811442107 A CN201811442107 A CN 201811442107A CN 109525386 B CN109525386 B CN 109525386B
Authority
CN
China
Prior art keywords
party
intersection
cipher
user
sum
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201811442107.6A
Other languages
Chinese (zh)
Other versions
CN109525386A (en
Inventor
周福才
周搏洋
王强
吴淇毓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Northeastern University China
Original Assignee
Northeastern University China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Northeastern University China filed Critical Northeastern University China
Priority to CN201811442107.6A priority Critical patent/CN109525386B/en
Publication of CN109525386A publication Critical patent/CN109525386A/en
Application granted granted Critical
Publication of CN109525386B publication Critical patent/CN109525386B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

本发明提供一种基于Paillier同态加密私有交集和的方法,涉及网络空间安全与隐私保护技术领域。包括基于Paillier同态加密的私有交集和的协议以及反向私有交集和的协议,在私有交集和的协议中,双方协商关于加密私有交集和的基础设置并经过三轮加密,最终2方使用私钥解密求得交集和,在反向私有交集和的协议中,双方协商关于加密反向私有交集和的基础设置并经过两轮加密,然后2方使用私钥解密出带有扰乱因子的交集和并判断交集基数大小是否能够进入第三轮解密,若满足条件则1方除去扰乱因子求得交集和。本方法利用模运算的性质提出密文分割方案,具有较高的效率,且协议双方能够准确计算交集的基数和交集和,避免了习惯思维两两计算可能导致的信息泄露。

Figure 201811442107

The invention provides a private intersection sum method based on Paillier homomorphic encryption, and relates to the technical field of cyberspace security and privacy protection. Including the private intersection and sum protocol based on Paillier homomorphic encryption and the reverse private intersection and sum protocol, in the private intersection and sum protocol, the two parties negotiate the basic settings for encrypted private intersection and sum and go through three rounds of encryption. Decrypt the key to obtain the intersection sum. In the reverse private intersection sum protocol, the two parties negotiate the basic settings for encrypting the reverse private intersection sum and go through two rounds of encryption. Then the two parties use the private key to decrypt the intersection sum with the scramble factor. And judge whether the size of the intersection cardinality can enter the third round of decryption. If the conditions are met, the first party removes the disturbance factor to obtain the intersection sum. This method uses the nature of modular operation to propose a ciphertext segmentation scheme, which has high efficiency, and both parties of the agreement can accurately calculate the cardinality and sum of intersection, which avoids information leakage that may be caused by habitual thinking.

Figure 201811442107

Description

Paillier homomorphic encryption private aggregation and method based on Paillier
Technical Field
The invention relates to the technical field of network space security and privacy protection, in particular to a Paillier homomorphic encryption private aggregation and privacy protection-based method.
Background
In recent years, data shows an explosive growth trend, the data quantity and the data types become more and more complex, and a great amount of valuable customer information, personal privacy records and enterprise operation data are continuously mined. In the era of data explosion, the problem of privacy protection under big data is very important.
Privacy Set Intersection (PSI) is an important protocol for secure multiparty computation. The method participates in calculating the input data sets of two or more parties, but only the result of intersection can be obtained, and no information beyond the intersection can be obtained. The correlation protocol only allows these parties to know certain properties of the intersection, such as the cardinality of the intersection or whether the size of the intersection exceeds some threshold. Various approaches have been proposed in previous work, including protocols that use a semi-honest model as well as a malicious model.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a Paillier homomorphic encryption private intersection set-based method, which comprises a Paillier homomorphic encryption private intersection set-based protocol and a Paillier homomorphic encryption reverse private intersection set-based protocol, wherein two parties, namely a party 1 and a party 2, exist in the two protocols, private intersection and protocol are private input data sets containing user identifiers held by the two parties, the data set of one party additionally contains integer values related to each user identifier, the two parties are not allowed to know the actual user identifier of intersection or the additional information (except the size of intersection) of the data of the other party on the basis that the two parties want to know the sum of the cardinality of intersection and the intersection related integer values, namely the privacy information of users, and the result obtained by the private intersection and protocol is that the cardinality of the party 1 can only obtain the cardinality of intersection, while 2 parties can only get an aggregate; the reverse private intersection and the protocol ensure the minimum value of the number of intersection elements by a mode of terminating communication before obtaining the intersection set if the intersection set is too small, so that the privacy information of the user is protected, and the result obtained by the reverse private intersection and the protocol is that both sides can obtain the cardinality of the intersection set, and only 1 side can obtain the intersection set.
In order to achieve the purpose, the method for encrypting the private aggregation and the private aggregation based on the Paillier homomorphic comprises a protocol based on the Paillier homomorphic encryption private aggregation and a protocol based on the Paillier homomorphic encryption reverse private aggregation;
(1) the agreement based on the Paillier homomorphic encryption private aggregation comprises the following steps:
step 1: the two parties negotiate about the basic setting of the encryption private transaction set, and the specific steps are as follows:
step 1.1: the two parties negotiate to set a security parameter lambda, a group G epsilon G (lambda), a user identifier space U ═ U (lambda) and a random speaker RO: u → G, where the random oracle RO maps the user identifier into a random element of group G;
step 1.2: input set U with m user identifiers held by 1 party1={ui}i∈[m]Wherein, the ith user u of the 1 st partyi∈U;
Step 1.3: party 2 holds a set of n user identifiers and associated integer values with which to pair { (v)j,tj)}j∈[n]Wherein, the jth user v of the 2 partiesjE and associated integer value t of the expected pairing with Ui∈Z+,Z+For positive integers, sum of private sums ∑ tjA Paillier message space suitable for the security parameter lambda and defining U2={vj}j∈[n]
Step 1.4: each party a selects a random secret index k in the group Ga
Step 1.5: generating a new key pair (pk, sk) by the 2 parties by using a Pai.Gen (lambda) function in the Pailler encryption scheme, and sharing the public key pk to the 1 party;
step 2: party 1 encrypts its own set of user identifiers U1Sending the data to the 2 parties in a disordered way, and specifically comprising the following steps:
step 2.1: party 1 sets each user u in own user identifieriApplied to a random oracle RO and then using the secret key k1The first encryption is carried out to obtain a 1-party user ciphertext after the 1-party encryption
Figure BDA0001884917180000021
Step 2.2: party 1 cipher text cipher after encryptionu1Set of constructs
Figure BDA0001884917180000022
Sending the data to the 2 parties out of order;
and step 3: party 2 encrypts user data sent by party 1 and own user identifier set U2And sending the data to the party 1 in a disordered way, and the specific steps are as follows:
step 3.1: party 2 uses key k2Receiving 1 party user cipher text after 1 party encryption
Figure BDA0001884917180000023
The elements are encrypted for the second time to obtain the ciphertext of the party 1 encrypted by the two parties
Figure BDA0001884917180000024
Step 3.2: ciphertext cipher obtained by encrypting 1-party user by both parties by 2 partiesu12Set of constructs
Figure BDA0001884917180000025
Sending the data to the party 1 out of order;
step 3.3: party 2 uses key k2For the input set element (v)j,tj) For each user identifier v in the pairjEncrypting the elements after being applied to the RO mapping of the random oracle machine, and then using the Paillier public key pk to input the set elements (v)j,tj) With each user identifier v in the pairjExpected paired related integer value tjEncrypting to obtain 2-party encrypted user ciphertext
Figure BDA0001884917180000026
Ciphertext cipher of integer value paired with 2-party encrypted 2-party usert2=Pai(tj) Carrying out pairing;
step 3.4: party 2 cipherer for encrypted user ciphertextv2And integer value cipher text cipher paired with itt2To a set of formations
Figure BDA0001884917180000027
Sending the data to the party 1 out of order;
and 4, step 4: party 1 encrypts data sent from party 2 and obtains cipherv12With a nepheru12And then the ciphertext Pai of the integer value sum matched with the intersection is obtained according to the set H (S)H) And sending the data to the party 2, which comprises the following steps:
step 4.1: party 1 uses key k1Cipher text cipher for received 2-party encrypted userv2And integer value cipher text cipher paired with itt2To a set of formations
Figure BDA0001884917180000028
Each element in (1)
Figure BDA0001884917180000029
Carrying out secondary encryption to obtain ciphertext after the two parties jointly encrypt the 2-party userv12And integer value cipher text cipher paired with itt2To pair
Figure BDA00018849171800000210
Step 4.2: 1-square computing cirherv12With a nepheru12The intersection of (H):
Figure BDA00018849171800000211
step 4.3: for each element H in the set H, the 1 st party will pair with H the integer value ciphertext nephrt2=Pai(tj) Multiplication, homomorphically obtaining the sum S of integer values paired with the intersectionHCiphertext Pai (S)H):Pai(SH)=Pai(∑j∈Htj)=Pai.Sum({Pai(tj)}j∈H);
Step 4.4: sum S of integer values that the 1 party will pair with the intersectionHCiphertext Pai (S)H) Sending to the party 2;
and 5: party 2 decrypts the sum S of the received Paillier encrypted integer values paired with the intersection using Paillier private key skHCiphertext Pai (S)H) Obtaining the sum S of integer values paired with the intersectionH
(2) The Paillier homomorphic encryption reverse private aggregation and based protocol comprises the following steps:
s1: the two parties negotiate about the basic setting of the encryption private transaction set, and the specific steps are as follows:
s1.1: the two parties negotiate to set a security parameter lambda, a group G epsilon G (lambda), a user identifier space U ═ U (lambda) and a random speaker RO: u → G, where the random oracle RO maps the user identifier into a random element of group G;
s1.2: input set U with m user identifiers held by 1 party1={ui}i∈[m]Wherein, the ith user u of the 1 st partyi∈U;
S1.3: party 2 holds a set of n user identifiers and associated integer values with which to pair { (v)j,tj)}j∈[n]Wherein, the jth user v of the 2 partiesjE and associated integer value t of the expected pairing with Uj∈Z+,Z+For positive integers, sum of private sums ∑ tjA Paillier message space adapted to the security parameter λ and defining an input set U of 2-party user identifiers2={vj}j∈[n]
S1.4: each party a selects a random secret index k in the group Ga
S1.5: generating a new key pair (pk, sk) by the 2 parties by using a Pai.Gen (lambda) function in the Pailler encryption scheme, and sharing the public key pk to the 1 party;
s2: party 2 encrypts its own set of user identifiers U2And sending the data to the party 1 in sequence, and the specific steps are as follows:
s2.1: party 2 uses key k2For the input set element (v)j,tj) For each user identifier v in the pairjEncrypting the elements applied to the random prediction machine RO, and then using Paillier public key pk to input set elements (v)j,tj) With each user identifier v in the pairjExpected paired related integer value tjEncrypting to obtain 2-party encrypted user ciphertext
Figure BDA0001884917180000036
Ciphertext cipher of integer value paired with 2-party encrypted 2-party usert2=Pai(tj) Carrying out pairing;
s2.2: party 2 cipherer for encrypted user ciphertextv2And integer value cipher text cipher paired with itt2To a set of formations
Figure BDA0001884917180000031
Sending the data to the 1 party in sequence;
s3: party 1 encrypts user data sent from party 2 and its own user identifier set U1And send to 2 parties in sequenceThe method comprises the following specific steps:
s3.1: party 1 uses key k1Cipher text cipher for received 2-party encrypted userv2And integer value cipher text cipher paired with itt2To a set of formations
Figure BDA0001884917180000035
Each of which is
Figure BDA0001884917180000033
The elements are encrypted for the second time to obtain the ciphertext after the two parties encrypt the 2-party user together
Figure BDA0001884917180000034
And randomly choosing the mapping under Paillier modulus N (j → r)j) Wherein r isj∈Z+Through Pai (t)j+rj)=Pai(tj)×Pai(rj) To each received in a homomorphic way
Figure BDA0001884917180000041
Element and user identifier vjExpected paired related integer value tjPerforming one-time filling encryption to finally obtain ciphertext after the two parties encrypt the 2-party user togetherv12Padded cipher with its paired integer valuetr2To pair
Figure BDA0001884917180000042
S3.2: side 1 save map (j → r)j) And the two parties encrypt the ciphertext after the 2 parties of the usersv12Padded cipher with its paired integer valuetr2To a set of formations
Figure BDA0001884917180000043
Sending the data to the 2 parties in sequence;
s3.3: party 1 uses key k1For user u to be input into set 1iThe method is applied to encryption of elements subjected to RO mapping of the random oracle machine to obtain the encrypted 1-party usage of the 1-partyHousehold cipher text
Figure BDA0001884917180000044
S3.4: party 1 cipher text cipher after encryptionu1Set of constructs
Figure BDA0001884917180000045
Sending the data to the 2 parties out of order;
s4: party 2 encrypts data sent by party 1 and obtains cipherv12With a nepheru12And filling and encrypting the subscript set J to obtain the sum S of integer values matched with the intersectionJrAnd sending the data to the party 1, which comprises the following steps:
s4.1: party 2 uses key k2Receiving 1 party user cipher text after 1 party encryption
Figure BDA0001884917180000046
Performing secondary encryption to obtain a ciphertext obtained by encrypting the 1-party user by both parties
Figure BDA0001884917180000047
S4.2: 2-square computing cirherv12With a nepheru12Subscript set J of intersection:
Figure BDA0001884917180000048
s4.3: judging whether the intersection cardinality is smaller than a set threshold value, if so, terminating the protocol by the 2-party, and if not, continuing S4.4;
s4.4: the 2 nd party converts all elements Pai (t) corresponding to subscripts in the subscript set Jj+rj) Multiplying, and decrypting by using a private key sk to obtain a sum S of integer values matched with the intersection and provided with one-time filling encryptionJr=∑j∈Jtj+rj
S4.5: 2-party sum S of encrypted integer values paired with intersectionJrAnd sending the subscript set J to the party 1;
s5: 1-way computation of the sum of integer values paired with an intersection
Figure BDA0001884917180000049
The invention has the beneficial effects that:
the invention provides a Paillier homomorphic encryption private aggregation and based method, which researches and adopts a Paillier homomorphic encryption based algorithm, utilizes the property of modular operation to provide a ciphertext segmentation scheme, segments and encrypts a plaintext, has higher efficiency, and can obtain the result of the encrypted plaintext without decryption. According to the agreement based on the Paillier homomorphic encryption private intersection set and the agreement based on the Paillier homomorphic encryption reverse private intersection set, both parties of the agreement can accurately calculate the base number and the intersection sum of the intersection set, information leakage possibly caused by two-by-two calculation of habitual thinking is avoided, if the base number of the set is found to be too small in the reverse private intersection set and the agreement, in order to prevent the intersection set from being acquired by a certain party, and therefore private information of certain users is deduced, and privacy of the users is leaked, the problem of privacy leakage is effectively prevented by adopting a protocol termination mode, in the process of adopting the Paillier homomorphic encryption, one party randomly selects mapping to carry out blind processing on the encrypted user id related integer values, before the intersection sum is obtained, blind factors are removed according to the mapping, and safety of the agreement is greatly improved.
Drawings
FIG. 1 is a diagram of private intersection and protocol architecture in an embodiment of the present invention;
FIG. 2 is a diagram illustrating private intersection and protocol timing diagrams in an embodiment of the present invention;
FIG. 3 is a flow diagram of private intersection and protocol in an embodiment of the present invention;
FIG. 4 is a diagram of reverse private aggregation and protocol architecture in an embodiment of the present invention;
FIG. 5 is a timing diagram of reverse private aggregation and protocol in an embodiment of the present invention;
fig. 6 is a flow chart of reverse private aggregation and protocol in an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more clear, the present invention will be further described in detail with reference to the accompanying drawings and specific embodiments. The specific embodiments described herein are merely illustrative of the invention and are not intended to be limiting.
A method for encrypting private collections based on Paillier homomorphic encryption comprises a protocol based on the Paillier homomorphic encryption private collections and a protocol based on the Paillier homomorphic encryption reverse private collections;
(1) paillier homomorphic encryption private aggregation and based protocol
In this embodiment, an architecture based on Paillier homomorphic encryption private intersection and protocol is shown in fig. 1, in the private intersection and protocol, two parties input all user resource identifier sets of themselves, and when outputting, party 1 obtains the cardinality of the intersection, and party 2 obtains the intersection. Two parties of the private intersection and protocol implement the process of aggregation and aggregation through setup and three rounds of interaction, as shown in fig. 2.
As can be seen from fig. 2, in the setup step, both parties agree on a security parameter λ, a group G ∈ G (λ), and a user identifier space U ═ U (λ). Both parties can use a random oracle RO: u → G. First round, 1 square with k1Encrypts its own set of user identifiers and sends it to party 2. Second round, 2 squares with k2Encrypting the set sent by party 1 and using k2And pk encrypts its own set of user identifiers and sends it to party 1. Calculating to obtain the cirher by 1 squarev12With a nepheru12The intersection of (a). The third round, party 1 sends the encrypted set H to party 2, party 2 uses sk decryption to get the sum of integer values paired with the intersection, i.e. the intersection and SH
In the present embodiment, for convenience of the following description, the representation and explanation shown in table 1 are given.
TABLE 1 symbolic description of communications between entities
Figure BDA0001884917180000051
Figure BDA0001884917180000061
The specific flow is shown in fig. 3, and includes the following steps:
step 1: the two parties negotiate about the basic setting of the encryption private transaction set, and the specific steps are as follows:
step 1.1: the two parties negotiate to set a security parameter lambda, a group G epsilon G (lambda), a user identifier space U ═ U (lambda) and a random speaker RO: u → G, where the random oracle RO maps the user identifier into a random element of group G;
step 1.2: input set U with m user identifiers held by 1 party1={ui}i∈[m]Wherein, the ith user u of the 1 st partyi∈U;
Step 1.3: party 2 holds a set of n user identifiers and associated integer values with which to pair { (v)j,tj)}j∈[n]Wherein, the jth user v of the 2 partiesjE and associated integer value t of the expected pairing with Uj∈Z+,Z+For positive integers, sum of private sums ∑ tjA Paillier message space suitable for the security parameter lambda and defining U2={vj}j∈[n]
Step 1.4: each party a selects a random secret index k in the group Ga
Step 1.5: generating a new key pair (pk, sk) by the 2 parties by using a Pai.Gen (lambda) function in the Pailler encryption scheme, and sharing the public key pk to the 1 party;
step 2: party 1 encrypts its own set of user identifiers U1Sending the data to the 2 parties in a disordered way, and specifically comprising the following steps:
step 2.1: party 1 sets each user u in own user identifieriApplied to a random oracle RO and then using the secret key k1The first encryption is carried out to obtain a 1-party user ciphertext after the 1-party encryption
Figure BDA0001884917180000062
Step 2.2: party 1 will encryptLater user ciphertextu1Set of constructs
Figure BDA0001884917180000063
Sending the data to the 2 parties out of order;
and step 3: party 2 encrypts user data sent by party 1 and own user identifier set U2And sending the data to the party 1 in a disordered way, and the specific steps are as follows:
step 3.1: party 2 uses key k2Receiving 1 party user cipher text after 1 party encryption
Figure BDA0001884917180000064
The elements are encrypted for the second time to obtain the ciphertext of the party 1 encrypted by the two parties
Figure BDA0001884917180000065
Step 3.2: ciphertext cipher obtained by encrypting 1-party user by both parties by 2 partiesu12Set of constructs
Figure BDA0001884917180000066
Sending the data to the party 1 out of order;
step 3.3: party 2 uses key k2For the input set element (v)j,tj) For each user identifier v in the pairjEncrypting the elements after being applied to the RO mapping of the random oracle machine, and then using the Paillier public key pk to input the set elements (v)j,tj) With each user identifier v in the pairjExpected paired related integer value tjEncrypting to obtain 2-party encrypted user ciphertext
Figure BDA0001884917180000067
Ciphertext cipher of integer value paired with 2-party encrypted 2-party usert2=Pai(tj) Carrying out pairing;
step 3.4: party 2 cipherer for encrypted user ciphertextv2And integer value cipher text cipher paired with itt2To a set of formations
Figure BDA0001884917180000068
Sending the data to the party 1 out of order;
and 4, step 4: party 1 encrypts data sent from party 2 and obtains cipherv12With a nepheru12And then the ciphertext Pai of the integer value sum matched with the intersection is obtained according to the set H (S)H) And sending the data to the party 2, which comprises the following steps:
step 4.1: party 1 uses key k1Cipher text cipher for received 2-party encrypted userv2And integer value cipher text cipher paired with itt2To a set of formations
Figure BDA0001884917180000071
Each element in (1)
Figure BDA0001884917180000072
Carrying out secondary encryption to obtain ciphertext after the two parties jointly encrypt the 2-party uservl2And integer value cipher text cipher paired with itt2To pair
Figure BDA0001884917180000073
Step 4.2: 1-square computing cirherv12With a nepheru12The intersection of (H):
Figure BDA0001884917180000074
step 4.3: for each element H in the set H, the 1 st party will pair with H the integer value ciphertext nephrt2=Pai(tj) Multiplication, homomorphically obtaining the sum S of integer values paired with the intersectionHCiphertext Pai (S)H):Pai(SH)=Pai(∑j∈Htj)=Pai.Sum({Pai(tj)}j∈H);
Step 4.4: sum S of integer values that the 1 party will pair with the intersectionHCiphertext Pai (S)H) Sending to the party 2;
and 5: party 2 decrypts the sum S of the received Paillier encrypted integer values paired with the intersection using Paillier private key skHCiphertext Pai (S)H) Obtaining the aggregate and SH
(2) Paillier homomorphic encryption reverse private aggregation and based protocol
In this embodiment, the framework based on Paillier homomorphic encryption reverse private intersection and protocol is as shown in fig. 4, in the reverse private intersection and protocol, both parties also input all their own user resource identifier sets, and the protocol is terminated if the intersection cardinality is too small during output. Otherwise, the 1 party obtains the base number of the intersection and the intersection set, and the 2 party obtains the base number of the intersection set. Two parties of the reverse private intersection and protocol implement the intersection and set process through setup and three rounds of interaction, as shown in fig. 5.
As can be seen from fig. 5, in the setup step, both parties agree on a security parameter λ, a group G ∈ G (λ), and a user identifier space U ═ U (λ). Both parties can use a random oracle RO: u → G. First round, 2 squares with k2And pk encrypts its own set of user identifiers and sends it to party 1. Second round, 1 square with k1Encrypt its own set of user identifiers, k for each element in the set sent by 2 parties1After encrypting the user identifier, a scrambling factor is added and sent to party 2. Calculating by 2-square to obtain the nepherv12With a nepheru12A set J of intersecting indices, and a sum S of integer values paired with the intersection with a disturbing factor is decrypted using skJrIf the intersection cardinality is too small, the protocol is terminated. Third round, the 2 nd party will have the sum S of the integer values paired with the intersection of the perturbing factorJrAnd sending the subscript set J to the 1 side, and removing the disturbing factors by the 1 side to obtain the sum of integer values matched with the intersection, namely the intersection and the SJ
The specific flow is shown in fig. 6, and includes the following steps:
s1: the two parties negotiate about the basic setting of the encryption private transaction set, and the specific steps are as follows:
s1.1: the two parties negotiate to set a security parameter lambda, a group G epsilon G (lambda), a user identifier space U ═ U (lambda) and a random speaker RO: u → G, where the random oracle RO maps the user identifier into a random element of group G;
s1.2: input set U with m user identifiers held by 1 party1={ui}i∈[m]Wherein, the ith user u of the 1 st partyi∈U;
S1.3: party 2 holds a set of n user identifiers and associated integer values with which to pair { (v)j,tj)}j∈[n]Wherein, the jth user v of the 2 partiesjE and associated integer value t of the expected pairing with Uj∈Z+,Z+For positive integers, sum of private sums ∑ tjA Paillier message space adapted to the security parameter λ and defining an input set U of 2-party user identifiers2={vj}j∈[n]
S1.4: each party a selects a random secret index k in the group Ga
S1.5: generating a new key pair (pk, sk) by the 2 parties by using a Pai.Gen (lambda) function in the Pailler encryption scheme, and sharing the public key pk to the 1 party;
s2: party 2 encrypts its own set of user identifiers U2And sending the data to the party 1 in sequence, and the specific steps are as follows:
s2.1: party 2 uses key k2For the input set element (v)j,tj) For each user identifier v in the pairjEncrypting the elements applied to the random prediction machine RO, and then using Paillier public key pk to input set elements (v)j,tj) With each user identifier v in the pairjExpected paired related integer value tjEncrypting to obtain 2-party encrypted user ciphertext
Figure BDA0001884917180000081
Ciphertext cipher of integer value paired with 2-party encrypted 2-party usert2=Pai(tj) Carrying out pairing;
s2.2: party 2 cipherer for encrypted user ciphertextv2And integer value cipher text cipher paired with itt2To a set of formations
Figure BDA0001884917180000082
Sending the data to the 1 party in sequence;
s3: party 1 encrypts user data sent from party 2 and its own user identifier set U1And sending the data to the 2 parties in sequence, and the concrete steps are as follows:
s3.1: party 1 uses key k1Cipher text cipher for received 2-party encrypted userv2And integer value cipher text cipher paired with itt2To a set of formations
Figure BDA0001884917180000083
Each of which is
Figure BDA0001884917180000084
The elements are encrypted for the second time to obtain the ciphertext after the two parties encrypt the 2-party user together
Figure BDA0001884917180000085
And randomly choosing the mapping under Paillier modulus N (j → r)j) Wherein r isj∈Z+Through Pai (t)j+rj)=Pai(tj)×Pai(rj) To each received in a homomorphic way
Figure BDA0001884917180000086
Element and user identifier vjExpected paired related integer value tjPerforming one-time filling encryption to finally obtain ciphertext after the two parties encrypt the 2-party user togetherv12Padded cipher with its paired integer valuetr2To pair
Figure BDA0001884917180000087
S3.2: side 1 save map (j → r)i) And the two parties encrypt the ciphertext after the 2 parties of the usersv12Padded cipher with its paired integer valuetr2To a set of formations
Figure BDA0001884917180000088
Sending the data to the 2 parties in sequence;
S3.3: party 1 uses key k1For user u to be input into set 1iThe method is applied to encryption of elements after RO mapping of the random prediction machine to obtain 1-party user ciphertext after 1-party encryption
Figure BDA0001884917180000089
S3.4: party 1 cipher text cipher after encryptionu1Set of constructs
Figure BDA00018849171800000810
Sending the data to the 2 parties out of order;
s4: the data sent by the party 1 is encrypted by the party 2, a subscript set J of the integer value sum matched with the intersection is obtained, and then the subscript set J is subjected to filling encryption to obtain the sum S of the integer value sum matched with the intersectionJrAnd sending the data to the party 1, which comprises the following steps:
s4.1: party 2 uses key k2Receiving 1 party user cipher text after 1 party encryption
Figure BDA0001884917180000091
Performing secondary encryption to obtain a ciphertext obtained by encrypting the 1-party user by both parties
Figure BDA0001884917180000092
S4.2: 2-square computing cirherv12With a nepheru12Subscript set J of intersection:
Figure BDA0001884917180000093
s4.3: judging whether the intersection cardinality is smaller than a set threshold value, if so, terminating the protocol by the 2-party, and if not, continuing S4.4;
s4.4: the 2 nd party converts all elements Pai (t) corresponding to subscripts in the subscript set Jj+rj) Multiplying, and decrypting by using a private key sk to obtain a sum S of integer values matched with the intersection and provided with one-time filling encryptionJr=∑j∈Jtj+rj
S4.5: 2 Party pairs encrypted with intersectionSum of integer values of SJrAnd sending the subscript set J to the party 1;
s5: 1-way computation of the sum of integer values paired with an intersection
Figure BDA0001884917180000094
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those skilled in the art; the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions as defined in the appended claims.

Claims (7)

1.一种基于Paillier同态加密私有交集和的方法,其特征在于,包括基于Paillier同态加密私有交集和的协议以及基于Paillier同态加密反向私有交集和的协议;1. a method based on Paillier homomorphic encryption private intersection and sum, it is characterized in that, comprise the agreement based on Paillier homomorphic encryption private intersection sum and the agreement based on Paillier homomorphic encryption reverse private intersection sum; (1)基于Paillier同态加密私有交集和的协议,包括以下步骤:(1) A protocol based on Paillier homomorphic encryption private intersection and sum, including the following steps: 步骤1:双方协商关于加密私有交集和的基础设置,具体步骤如下:Step 1: The two parties negotiate the basic settings for encrypted private intersection and sum, and the specific steps are as follows: 步骤1.1:双方协商设置安全参数λ、群G∈G(λ)、用户标识符空间U=U(λ)以及随机预言机RO:U→G,其中,随机预言机RO将用户标识符映射到群G的随机元素中;Step 1.1: The two parties negotiate to set the security parameter λ, the group G∈G(λ), the user identifier space U=U(λ), and the random oracle RO: U→G, where the random oracle RO maps the user identifier to in the random elements of the group G; 步骤1.2:1方持有m个用户标识符的输入集合U1={ui}i∈[1,m],其中,1方的第i个用户ui∈U;Step 1.2: Party 1 holds an input set of m user identifiers U 1 ={u i } i∈[1,m] , where the i-th user of Party 1 is u i ∈ U; 步骤1.3:2方持有n个用户标识符和与之预期配对的相关整数值的集合{(vj,tj)}j∈[1,n],其中,2方的第j个用户vj∈U且与之预期配对的相关整数值tj∈Z+,Z+为正整数,使私有交集和∑tj适合安全参数λ的Paillier消息空间,并定义U2={vj}j∈[1,n]Step 1.3: Party 2 holds a set {(v j ,t j )} j∈[1,n] of n user identifiers and associated integer values with which they are expected to pair, where the jth user v of Party 2 The associated integer value t j ∈ Z + with which j ∈ U is expected to be paired, Z + being a positive integer, makes the private intersection and ∑t j fit into the Paillier message space of the security parameter λ, and defines U 2 = {v j } j ∈[1,n] ; 步骤1.4:每一方a在群G中选取一个随机的秘密指数kaStep 1.4: Each party a selects a random secret index ka in the group G; 步骤1.5:2方使用Pailler加密方案中的Pai.Gen(λ)函数产生一个新的密钥对(pk,sk),并将公钥pk分享给1方;Step 1.5: Party 2 uses the Pai.Gen(λ) function in the Pailler encryption scheme to generate a new key pair (pk, sk), and shares the public key pk to Party 1; 步骤2:1方加密自己的用户标识符集合U1并乱序发给2方;Step 2: Party 1 encrypts its own user identifier set U 1 and sends it to Party 2 out of order; 步骤3:2方加密1方发来的用户数据以及自己的用户标识符集合U2并乱序发给1方;Step 3: Party 2 encrypts the user data sent by Party 1 and its own user identifier set U 2 and sends it to Party 1 out of sequence; 步骤4:1方加密2方发来的数据并求得cipherv12与cipheru12的交集H,再根据集合H得到与交集配对的整数值和的密文Pai(SH)并发送给2方;所述的
Figure FDA0003007557290000011
为1,2双方共同加密1方用户的标识符所得的密文;所述的
Figure FDA0003007557290000012
为1,2双方共同加密2方用户的标识符所得的密文;k1为1方使用的密钥;k2为2方使用的 密钥;Step 4: Party 1 encrypts the data sent by Party 2 and obtains the intersection H of cipher v12 and cipher u12 , and then obtains the ciphertext Pai(S H ) of the sum of integer values paired with the intersection according to the set H and sends it to Party 2; said
Figure FDA0003007557290000011
It is the ciphertext obtained by both parties 1 and 2 jointly encrypting the identifier of the user of the first party; the said
Figure FDA0003007557290000012
is the ciphertext obtained by both parties 1 and 2 jointly encrypting the identifiers of the users of the two parties; k 1 is the key used by party 1; k 2 is the key used by party 2; 步骤5:2方使用Paillier私钥sk解密收到的Paillier加密的与交集配对的整数值的和SH的密文Pai(SH),得到与交集配对的整数值的和SHStep 5: The 2 parties use the Paillier private key sk to decrypt the received Paillier-encrypted ciphertext Pai( SH ) of the integer-valued sum SH paired with the intersection, and obtain the integer-valued sum SH paired with the intersection; (2)基于Paillier同态加密反向私有交集和的协议,包括以下步骤:(2) A protocol based on Paillier homomorphic encryption reverse private intersection and sum, including the following steps: S1:双方协商关于加密私有交集和的基础设置,具体步骤如下:S1: The two parties negotiate the basic settings for encrypted private intersection and sum, and the specific steps are as follows: S1.1:双方协商设置安全参数λ、群G∈G(λ)、用户标识符空间U=U(λ)以及随机预言机RO:U→G,其中,随机预言机RO将用户标识符映射到群G的随机元素中;S1.1: Both parties negotiate to set security parameters λ, group G∈G(λ), user identifier space U=U(λ), and random oracle RO: U→G, where random oracle RO maps user identifiers into a random element of the group G; S1.2:1方持有m个用户标识符的输入集合U1={ui}i∈[1,m],其中,1方的第i个用户ui∈U;S1.2: Party 1 holds an input set of m user identifiers U 1 ={u i } i∈[1,m] , where the i-th user of Party 1 is u i ∈ U; S1.3:2方持有n个用户标识符和与之预期配对的相关整数值的集合{(vj,tj)}j∈[1,n],其中,2方的第j个用户vj∈U且与之预期配对的相关整数值tj∈Z+,Z+为正整数,使私有交集和∑tj适合安全参数λ的Paillier消息空间,并定义2方用户标识符的输入集合U2={vj}j∈[1,n]S1.3: Party 2 holds the set of n user identifiers and associated integer values with which they are expected to pair {(v j ,t j )} j∈[1,n] , where the jth user of Party 2 v j ∈ U and the associated integer value t j ∈ Z + with which it is expected to be paired, Z + being a positive integer, fitting the private intersection and ∑ t j into the Paillier message space of the security parameter λ, and defining the input of the 2-party user identifier set U 2 ={v j } j∈[1,n] ; S1.4:每一方a在群G中选取一个随机的秘密指数kaS1.4: Each party a selects a random secret index ka in the group G; S1.5:2方使用Pailler加密方案中的Pai.Gen(λ)函数产生一个新的密钥对(pk,sk),并将公钥pk分享给1方;S1.5: Party 2 uses the Pai.Gen(λ) function in the Pailler encryption scheme to generate a new key pair (pk,sk), and shares the public key pk to Party 1; S2:2方加密自己的用户标识符集合U2并按顺序发给1方;S2: Party 2 encrypts its own user identifier set U2 and sends it to Party 1 in sequence; S3:1方加密2方发来的用户数据以及自己的用户标识符集合U1并按顺序发给2方;S3: Party 1 encrypts the user data sent by Party 2 and its own user identifier set U 1 and sends it to Party 2 in sequence; S4:2方加密1方发来的数据并求得cipherv12与cipheru12交集下标集合J,再对下标集合J进行填充加密得到与交集配对的整数值的和SJr并发送给1方;S4: 2 parties encrypt the data sent by 1 party and obtain the intersection index set J of cipher v12 and cipher u12 , and then fill and encrypt the subscript set J to obtain the sum S Jr of the integer values paired with the intersection and send it to the 1 party ; S5:1方计算与交集配对的整数值的和
Figure FDA0003007557290000021
在Paillier模数N下,随机地选取映射(j→rj),其中,rj∈Z+S5: 1 party computes the sum of integer values paired with the intersection
Figure FDA0003007557290000021
Under Paillier modulus N, the mapping (j→r j ) is randomly chosen, where r j ∈ Z + . 2.根据权利要求1所述的基于Paillier同态加密私有交集和的方法,其特征在于,所述步骤2包括以下步骤:2. the method for private intersection sum based on Paillier homomorphic encryption according to claim 1, is characterized in that, described step 2 comprises the following steps: 步骤2.1:1方将自己用户标识符集合里的每个用户ui应用于随机预言机RO,然后使用密钥k1第一次加密,得到经1方加密后的1方用户密文
Figure FDA0003007557290000022
Step 2.1: Party 1 applies each user ui in its user identifier set to the random oracle RO, and then uses the key k 1 to encrypt for the first time to obtain the encrypted ciphertext of the 1-party user
Figure FDA0003007557290000022
 步骤2.2:1方将加密后的用户密文cipheru1构成的集合
Figure FDA0003007557290000023
乱序发给2方。Step 2.2: Party 1 forms the set of encrypted user ciphertext cipher u1
Figure FDA0003007557290000023
Distributed to 2 parties out of order. 3.根据权利要求1所述的基于Paillier同态加密私有交集和的方法,其特征在于,所述步骤3包括以下步骤:3. the method for private intersection sum based on Paillier homomorphic encryption according to claim 1, is characterized in that, described step 3 comprises the following steps: 步骤3.1:2方使用密钥k2对接收到的每个经1方加密后的1方用户密文
Figure FDA0003007557290000024
元素进行二次加密,得到双方共同对1方用户加密后的密文
Figure FDA0003007557290000025
Step 3.1: The 2 party uses the key k 2 to receive each encrypted 1-party user ciphertext received by the 1-party
Figure FDA0003007557290000024
The element is encrypted twice, and the ciphertext encrypted by both parties to the user of one party is obtained.
Figure FDA0003007557290000025
 步骤3.2:2方将双方共同对1方用户加密后的密文cipheru12构成的集合
Figure FDA0003007557290000026
乱序发给1方;Step 3.2: The two parties will jointly encrypt the set of cipher u12 formed by the cipher text cipher u12 of the user of the first party
Figure FDA0003007557290000026
Send to 1 party out of order; 步骤3.3:2方使用密钥k2对将输入集合元素(vj,tj)对中每个用户标识符vj应用于随机预言机RO映射后的元素进行加密,再使用Paillier公钥pk对输入集合元素(vj,tj)对中与每个用户标识符vj预期配对的相关整数值tj进行加密,得到经2方加密后的2方用户密文
Figure FDA0003007557290000027
Figure FDA0003007557290000028
和经2方加密后的2方用户配对的整数值的密文ciphert2=Pai(tj)对;Step 3.3: The two parties use the key k 2 to encrypt each user identifier v j in the input set element (v j , t j ) to the elements mapped by the random oracle RO, and then use the Paillier public key pk Encrypt the relevant integer value t j expected to be paired with each user identifier v j in the pair of input set elements (v j , t j ) to obtain the 2-party user ciphertext after 2-party encryption
Figure FDA0003007557290000027
Figure FDA0003007557290000028
cipher t2 = Pai(t j ) pair of integer-valued cipher text paired with 2-party users after 2-party encryption; 步骤3.4:2方将加密后的用户密文cipherv2和与之配对的整数值密文ciphert2对构成的集合
Figure FDA0003007557290000031
乱序发给1方。Step 3.4: Party 2 sets up the set of encrypted user cipher text cipher v2 and paired integer-valued cipher text cipher t2
Figure FDA0003007557290000031
Send to 1 party out of order. 4.根据权利要求1所述的基于Paillier同态加密私有交集和的方法,其特征在于,所述步骤4包括以下步骤:4. the method for private intersection sum based on Paillier homomorphic encryption according to claim 1, is characterized in that, described step 4 comprises the following steps: 步骤4.1:1方使用密钥k1对接收到的经2方加密后的用户密文cipherv2和与之配对的整数值密文ciphert2对构成的集合
Figure FDA0003007557290000032
中的每个元素
Figure FDA0003007557290000033
进行二次加密,得到双方共同对2方用户加密后的密文cipherv12和与之配对的整数值密文ciphert2
Figure FDA0003007557290000034
Step 4.1: Party 1 uses the key k 1 to pair the received user cipher v2 encrypted by 2 with the pair of integer-valued cipher t2 paired with it.
Figure FDA0003007557290000032
each element in
Figure FDA0003007557290000033
Perform secondary encryption to obtain the pair of cipher v12 encrypted by both parties and the paired integer cipher t2 .
Figure FDA0003007557290000034
 步骤4.2:1方计算cipherv12与cipheru12的交集H:
Figure FDA0003007557290000035
Step 4.2: 1 party calculates the intersection H of cipher v12 and cipher u12 :
Figure FDA0003007557290000035
 步骤4.3:对于集合H中的每个元素h,1方将与h配对的整数值密文ciphert2=Pai(tj)相乘,同态地得到与交集配对的整数值的和SH的密文Pai(SH):Pai(SH)=Pai(∑j∈Htj)=Pai.Sum({Pai(tj)}j∈H);Step 4.3: For each element h in the set H, party 1 multiplies the integer-valued ciphertext cipher t2 = Pai(t j ) paired with h, and homomorphically obtains the integer-valued sum SH paired with the intersection set Ciphertext Pai(S H ): Pai(S H )=Pai(∑ j∈H t j )=Pai.Sum({Pai(t j )} j∈H ); 步骤4.4:1方将与交集配对的整数值的和SH的密文Pai(SH)发送给2方。Step 4.4: Party 1 sends the ciphertext Pai( SH ) of the integer-valued sum SH paired with the intersection to Party 2. 5.根据权利要求1所述的基于Paillier同态加密私有交集和的方法,其特征在于,所述步骤S2包括以下步骤:5. the method for private intersection sum based on Paillier homomorphic encryption according to claim 1, is characterized in that, described step S2 comprises the following steps: S2.1:2方使用密钥k2对将输入集合元素(vj,tj)对中每个用户标识符vj应用于随机预言机RO的元素进行加密,再使用Paillier公钥pk对输入集合元素(vj,tj)对中与每个用户标识符vj预期配对的相关整数值tj进行加密,得到经2方加密后的2方用户密文
Figure FDA0003007557290000036
和经2方加密后的2方用户配对的整数值的密文ciphert2=Pai(tj)对;S2.1: The two parties use the key k 2 to encrypt the elements of the input set element (v j , t j ) that each user identifier v j is applied to the random oracle RO, and then use the Paillier public key pk to pair Encrypt the relevant integer value t j expected to be paired with each user identifier v j in the input set element (v j , t j ) to obtain the 2-party user ciphertext after 2-party encryption
Figure FDA0003007557290000036
cipher t2 = Pai(t j ) pair of integer-valued cipher text paired with 2-party users after 2-party encryption; S2.2:2方将加密后的用户密文cipherv2和与之配对的整数值密文ciphert2对构成的集合
Figure FDA0003007557290000037
按顺序发给1方。S2.2: Party 2 sets the encrypted user cipher text cipher v2 and the paired integer-valued cipher text cipher t2 to form the set
Figure FDA0003007557290000037
Send to 1 party in order. 6.根据权利要求1所述的基于Paillier同态加密私有交集和的方法,其特征在于,所述步骤S3包括以下步骤:6. the method for private intersection sum based on Paillier homomorphic encryption according to claim 1, is characterized in that, described step S3 comprises the following steps: S3.1:1方使用密钥k1对接收到的经2方加密后的用户密文cipherv2和与之配对的整数值密文ciphert2对构成的集合
Figure FDA0003007557290000038
中的每个
Figure FDA0003007557290000039
元素进行二次加密,得到双方共同对2方用户加密后的密文
Figure FDA00030075572900000310
并且在Paillier模数N下,随机地选取映射(j→rj),其中,rj∈Z+,通过Pai(tj+rj)=Pai(tj)×Pai(rj)同态地对接收到的每个
Figure FDA00030075572900000311
元素中与用户标识符vj预期配对的相关整数值tj进行一次性填充加密,最终得到双方共同对2方用户加密后的密文cipherv12和与之配对的整数值密文经填充的ciphertr2
Figure FDA0003007557290000041
S3.1: Party 1 uses the key k 1 to pair the received user cipher v2 encrypted by 2 with the pair of integer-valued cipher t2 paired with it.
Figure FDA0003007557290000038
each of
Figure FDA0003007557290000039
The element is encrypted twice, and the ciphertext encrypted by the two parties is obtained by both parties.
Figure FDA00030075572900000310
And under Paillier modulus N, randomly select the mapping (j→r j ), where r j ∈ Z + , by Pai(t j +r j )=Pai(t j )×Pai(r j ) homomorphism ground to each received
Figure FDA00030075572900000311
The related integer value t j expected to be paired with the user identifier v j in the element is encrypted by one-time padding, and finally the cipher v12 encrypted by the two parties and the cipher paired with the paired integer value cipher is obtained. tr2 pair
Figure FDA0003007557290000041
 S3.2:1方保存映射(j→rj)并将双方共同对2方用户加密后的密文cipherv12和与之配对的整数值密文经填充的ciphertr2对构成的集合
Figure FDA0003007557290000042
按顺序发给2方;S3.2: Party 1 saves the mapping (j→r j ) and jointly encrypts the cipher v12 encrypted by the users of Party 2 and the pair of integer-valued cipher tr2 that is paired with the padded cipher tr2 .
Figure FDA0003007557290000042
Send to 2 parties in order; S3.3:1方使用密钥k1对将输入集合1中的用户ui应用于随机预言机RO映射后的元素进行加密,得到经1方加密后的1方用户密文
Figure FDA0003007557290000043
S3.3: Party 1 uses the key k 1 to encrypt the user ui in the input set 1 to the elements mapped by the random oracle machine RO, and obtain the encrypted ciphertext of the 1-party user after the 1-party encryption
Figure FDA0003007557290000043
 S3.4:1方将加密后的用户密文cipheru1构成的集合
Figure FDA0003007557290000044
乱序发给2方。S3.4: The set of encrypted user cipher text cipher u1 formed by party 1
Figure FDA0003007557290000044
Distributed to 2 parties out of order. 7.根据权利要求1所述的基于Paillier同态加密私有交集和的方法,其特征在于,所述步骤S4包括以下步骤:7. the method for private intersection sum based on Paillier homomorphic encryption according to claim 1, is characterized in that, described step S4 comprises the following steps: S4.1:2方使用密钥k2对接收到的每个经1方加密后的1方用户密文
Figure FDA0003007557290000045
进行二次加密,得到双方共同对1方用户加密后的密文
Figure FDA0003007557290000046
S4.1: The 2 party uses the key k 2 to receive each encrypted 1-party ciphertext of the 1-party user
Figure FDA0003007557290000045
Perform secondary encryption to obtain the ciphertext encrypted by both parties to the user of one party
Figure FDA0003007557290000046
 S4.2:2方计算cipherv12与cipheru12交集的下标集合J:
Figure FDA0003007557290000047
S4.2: 2-party calculation of the subscript set J of the intersection of cipher v12 and cipher u12 :
Figure FDA0003007557290000047
 S4.3:判断交集基数是否小于设定阈值,若是,则2方终止协议,若否,则继续S4.4;S4.3: Determine whether the intersection cardinality is less than the set threshold, if so, the two parties terminate the agreement, if not, continue to S4.4; S4.4:2方将下标集合J中下标对应的所有元素Pai(tj+rj)相乘,再使用私钥sk解密,得到带一次性填充加密的与交集配对的整数值的和SJr=∑j∈Jtj+rjS4.4: Party 2 multiplies all elements Pai(t j +r j ) corresponding to the subscripts in the subscript set J, and then decrypts with the private key sk to obtain the integer value paired with the intersection paired with one-time padding encryption. and S Jr =∑ j∈J t j +r j ; S4.5:2方将加密的与交集配对的整数值的和SJr以及下标集合J发送给1方。S4.5: Party 2 sends the encrypted sum S Jr of integer values paired with the intersection and the set of subscripts J to Party 1.
CN201811442107.6A 2018-11-29 2018-11-29 Paillier homomorphic encryption private aggregation and method based on Paillier Expired - Fee Related CN109525386B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811442107.6A CN109525386B (en) 2018-11-29 2018-11-29 Paillier homomorphic encryption private aggregation and method based on Paillier

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811442107.6A CN109525386B (en) 2018-11-29 2018-11-29 Paillier homomorphic encryption private aggregation and method based on Paillier

Publications (2)

Publication Number Publication Date
CN109525386A CN109525386A (en) 2019-03-26
CN109525386B true CN109525386B (en) 2021-05-18

Family

ID=65794521

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811442107.6A Expired - Fee Related CN109525386B (en) 2018-11-29 2018-11-29 Paillier homomorphic encryption private aggregation and method based on Paillier

Country Status (1)

Country Link
CN (1) CN109525386B (en)

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110086717B (en) * 2019-04-30 2021-06-22 创新先进技术有限公司 Method, apparatus and system for data security matching
CN110324321B (en) * 2019-06-18 2021-07-13 创新先进技术有限公司 Data processing method and device
CN110399741A (en) * 2019-07-29 2019-11-01 深圳前海微众银行股份有限公司 Data alignment method, device and computer-readable storage medium
US10885203B2 (en) * 2019-08-01 2021-01-05 Advanced New Technologies Co., Ltd. Encrypted data exchange
CN110535622A (en) * 2019-08-01 2019-12-03 阿里巴巴集团控股有限公司 Data processing method, device and electronic equipment
CN111641603B (en) * 2020-05-15 2022-07-01 北京青牛技术股份有限公司 Privacy set intersection data interaction method and system based on homomorphic encryption
CN111832050B (en) * 2020-07-10 2021-03-26 深圳致星科技有限公司 Paillier encryption scheme based on FPGA chip implementation for federal learning
CN111741020B (en) * 2020-07-31 2020-12-22 支付宝(杭州)信息技术有限公司 Public data set determination method, device and system based on data privacy protection
CN111931221B (en) * 2020-09-25 2021-01-01 支付宝(杭州)信息技术有限公司 Data processing method, device and server
CN112434329A (en) * 2020-10-23 2021-03-02 上海点融信息科技有限责任公司 Private data intersection acquisition method, computing device and storage medium
KR102284877B1 (en) * 2020-12-14 2021-07-30 세종대학교산학협력단 Efficient functional encryption for set intersection
CN112651042A (en) * 2020-12-23 2021-04-13 上海同态信息科技有限责任公司 Intersection solving method based on trusted third-party private data
CN113034276A (en) * 2020-12-29 2021-06-25 上海能链众合科技有限公司 Block chain privacy transaction solution method
CN113179150B (en) * 2021-04-26 2022-07-01 杭州宇链科技有限公司 Homomorphic privacy set intersection method based on order preserving function
CN113032848B (en) * 2021-05-20 2021-08-10 华控清交信息科技(北京)有限公司 Data processing method and chip for data processing
CN113343255B (en) * 2021-06-04 2024-06-25 百融云创科技股份有限公司 Data interaction method based on privacy protection
CN113434888B (en) * 2021-07-06 2022-08-26 建信金融科技有限责任公司 Data sharing method, device, equipment and system
CN113806795B (en) * 2021-08-10 2024-03-01 中国科学院信息工程研究所 A two-party privacy set union calculation method and device
CN114826546B (en) * 2022-04-02 2024-08-27 支付宝(杭州)信息技术有限公司 Transaction data processing method and device
CN116595562B (en) * 2023-06-06 2024-07-19 北京火山引擎科技有限公司 Data processing method and electronic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107124268A (en) * 2017-04-01 2017-09-01 中国人民武装警察部队工程大学 A kind of privacy set common factor computational methods for resisting malicious attack
CN107196926A (en) * 2017-04-29 2017-09-22 河南师范大学 A kind of cloud outsourcing privacy set comparative approach and device
CN108055118A (en) * 2017-12-11 2018-05-18 东北大学 A kind of diagram data intersection computational methods of secret protection
CN108737115A (en) * 2018-06-20 2018-11-02 湖北工业大学 A kind of efficient privately owned property set intersection method for solving with secret protection

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8526603B2 (en) * 2011-07-08 2013-09-03 Sap Ag Public-key encrypted bloom filters with applications to private set intersection

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107124268A (en) * 2017-04-01 2017-09-01 中国人民武装警察部队工程大学 A kind of privacy set common factor computational methods for resisting malicious attack
CN107196926A (en) * 2017-04-29 2017-09-22 河南师范大学 A kind of cloud outsourcing privacy set comparative approach and device
CN108055118A (en) * 2017-12-11 2018-05-18 东北大学 A kind of diagram data intersection computational methods of secret protection
CN108737115A (en) * 2018-06-20 2018-11-02 湖北工业大学 A kind of efficient privately owned property set intersection method for solving with secret protection

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于双线性映射的公共可验证外包计算方案;李福祥 等;《东北大学学报(自然科学版)》;20160531;第37卷(第5期);第619-623页 *

Also Published As

Publication number Publication date
CN109525386A (en) 2019-03-26

Similar Documents

Publication Publication Date Title
CN109525386B (en) Paillier homomorphic encryption private aggregation and method based on Paillier
Fujioka et al. Strongly secure authenticated key exchange from factoring, codes, and lattices
US9008312B2 (en) System and method of creating and sending broadcast and multicast data
US9172529B2 (en) Hybrid encryption schemes
Tseng et al. A chaotic maps-based key agreement protocol that preserves user anonymity
CN104158880B (en) User-end cloud data sharing solution
Sumartono et al. An overview of the RC4 algorithm
CN114491578A (en) A Secure Data Aggregation Method for Privacy Computing
CN112564907B (en) Key generation method and device, encryption method and device, and decryption method and device
Gupta et al. Enhancement of Security of Diffie-Hellman Key Exchange Protocol using RSA Cryptography.
CN106549753A (en) The encipherment scheme that a kind of support ciphertext of identity-based compares
CN110113155A (en) One kind is efficiently without CertPubKey encryption method
CN110299987A (en) A kind of millionaires' problem solution based on homomorphic cryptography
CN107172043B (en) A kind of smart power grid user sale of electricity method based on homomorphic cryptography
CN109543434A (en) Block chain information encryption method, decryption method, storage method and device
CN112104454A (en) Data secure transmission method and system
CN111526131B (en) Anti-quantum-computation electronic official document transmission method and system based on secret sharing and quantum communication service station
Zhao et al. Security analysis of a password-based authentication protocol proposed to IEEE 1363
CN106878322A (en) An Encryption and Decryption Method Based on Attribute-Based Fixed-length Ciphertext and Key
Olumide et al. A hybrid encryption model for secure cloud computing
CN100544250C (en) Encryption and Decryption Method of Network Information Broadcasting
Wang et al. Key escrow protocol based on a tripartite authenticated key agreement and threshold cryptography
CN110321722A (en) The safe calculation method of DNA sequence dna likelihood and system
KR101793528B1 (en) Certificateless public key encryption system and receiving terminal
CN104902471B (en) The key of identity-based exchanges design method in wireless sensor network

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20210518