CN-117792634-B - Communication method in secure multiparty computing protocol based on linear secret sharing technology

Abstract

The invention discloses a communication method in a secure multiparty computing protocol based on a linear secret sharing technology, wherein N nodes with shared values of M secret values on average are divided into N parts by each node, the method comprises the steps of carrying out N-1 round of communication according to a preset sequence and a preset method, each node comprises all M original secret value results after the communication is finished, in the first communication process, the node i sequentially sends the i, i-1, i-2 th secret sharing value to the next node i+1, the node i+1 is accumulated with the i, i-1, i-2 th secret sharing value after receiving the i+1, and in the second communication process, the node i sequentially sends the i+1, i-1, i-2 th secret sharing value to the next node, and the node i+1 sequentially sends the i+1, i-1, i-2 th secret sharing value to the next node.

Inventors

• ZHANG BINGCHENG
• TIAN LEIYUAN
• CHEN HUI
• REN KUI

Assignees

• 浙江大学
• 浙江大学嘉兴研究院

Dates

Publication Date

20260512

Application Date

20231229

Claims (7)

1. 1. A method of communication in a secure multi-party computing protocol based on a linear secret sharing technique, wherein for N nodes that average a shared value with M secret values, each node splits its own secret shared value into N shares, the method comprising: The nodes perform N-1 rounds of communication according to a preset sequence and method, so that after the communication is finished, each node contains M secret value results, and recovery of secret sharing values is realized; In the first communication process, the node i sequentially sends the own i, i-1, i-2 to the next node i+1, and the received i, i-1, i-2 of the node i+1 and the own i, i-1, i-2 of the node i+1 are added together; in the second communication process, the node i sequentially sends the own i+1, i, i-1, i-2..once again to the next node, and the node i+1 replaces the own i+1, i, i-1, i-2..once again with the received secret value; the first N-1 round of communication is carried out according to a preset sequence and method, specifically: in the first round of communication, node 1 sends the 1 st secret sharing value to node 2, after receiving, the node 2 accumulates the 1 st secret sharing value with itself, node 2 sends the 2 nd secret sharing value to node 3, after receiving, the node 3 accumulates the 2 nd secret sharing value with itself, node N sends the N secret sharing value to node 1, after receiving, the node 1 accumulates the N secret sharing value with itself; In the second round of communication, node 2 sends the 1 st secret sharing value to node 3, after receiving, the node 3 accumulates the 1 st secret sharing value with itself, node 3 sends the 2 nd secret sharing value to node 4, after receiving, the node 4 accumulates the 2 nd secret sharing value with itself, node 1 sends the N secret sharing value to node 2, after receiving, the node 2 accumulates the N secret sharing value with itself; The rest of the round communication process is similar; After the N-1 round of communication is finished, the node 1 obtains the secret value of the 2 nd data, the node 2 obtains the secret value of the 3 rd data, and the node N obtains the secret value of the 1 st data; The second N-1 round of communication is carried out according to a preset sequence and method, specifically: In the first round of communication, node 1 sends 2 nd secret values to node 2, after receiving, the node 2 replaces the 2 nd data with receiving values, node 2 sends 3 rd secret values to node 3, after receiving, the node 3 replaces the 3 rd data with receiving values, node N sends 1 st secret values to node 1, after receiving, the node 1 replaces the 1 st data with receiving values; In the second round of communication, node 2 sends the 2 nd secret value to node 3, after receiving the 3 rd, replace own 2 nd data with the received value, node 3 sends the 3 rd secret value to node 4, after receiving the 4 rd, replace own 3 rd data with the received value..A. node 1 sends the 1 st secret value to node 2, after receiving the 2 nd, replace own 1 st data with the received value; the remaining round of communication and so on; after the N-1 round of communication is finished, all M secret value results are obtained by the N nodes.
2. 2. The method of claim 1, wherein the N nodes adopt an end-to-end ring structure, and each node only transmits and receives data with a neighbor node in a sequential direction in each round of communication.
3. 3. A secure multiparty computing method, characterized in that the secure multiparty computation based on a linear secret sharing technique is performed by means of the communication method according to claim 1.
4. 4. A secure multiparty learning method in a wide area network, wherein the wide area network comprises a plurality of servers, and secure multiparty learning is performed between the servers through the communication method of claim 1.
5. 5. A fraud prevention joint analysis method, comprising: Each financial institution anonymizes or de-identifies the local sensitive information, standardizes the processed local customer financial information, and performs secret sharing of the standardized local customer financial information by using the communication method of claim 1, thereby obtaining the local customer financial information of other financial institutions; each financial institution uses the communication method of any of claims 1-3 for fraud pattern recognition based on a secure multiparty learning framework.
6. 6. An electronic device, comprising: one or more processors; A memory for storing one or more programs; the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of claim 1.
7. 7. A computer readable storage medium having stored thereon computer instructions which when executed by a processor perform the steps of the method according to claim 1.

Description

Communication method in secure multiparty computing protocol based on linear secret sharing technology Technical Field The invention relates to the field of secure multiparty computing, and provides a new communication mode design in a secure multiparty computing protocol, in particular to a communication method in the secure multiparty computing protocol based on a linear secret sharing technology. Background How to build a platform bridge for a data island on the premise of legal compliance is a global industry problem which needs to be solved urgently. Secure Multi-party computing (SMC) is a cryptographic method that allows multiple participants to jointly compute the result of a function without revealing the respective input information. The safe multiparty learning is a privacy protection machine learning method and framework based on safe multiparty computing, can help each data holder to open up transmission channels among data islands, realizes safe collaborative training of a machine learning model, and ensures data privacy and model training effectiveness. In secure multiparty computing, protection of data privacy and security of the computing often need to be achieved by a (linear) secret sharing scheme. However, the huge communication overhead of the recovery phase in (linear) secret sharing has gradually become a major obstacle for model training with secure multiparty computing techniques. Therefore, how to design an efficient secure multiparty computing protocol becomes a current research hotspot. Secret sharing (SECRET SHARING, SS) is a distributed security protocol in cryptography for managing and protecting symmetric secrets, an important cryptographic primitive, an important building block in complex secure multiparty computing protocol design. Such a protocol allows one secret (such as an encryption key, an important credential or sensitive data) to be dispersed into a plurality of sub-secrets (shares) each of which alone cannot provide any information about the original secret. Secret sharing techniques typically include two phases, secret segmentation and secret recovery. The secret segmentation stage breaks the original secret into parts and these parts alone do not contain any information about the original secret. The secret recovery phase is generally Linear, and for a Linear secret sharing scheme (Linear SS), the original secret value can be recovered after the secret sharing value of the designated number of the participants is linearly added by a designated algorithm, and meanwhile, communication among a plurality of participants is involved in the secret recovery phase. The number of participants required in the recovery process can be classified into Strict secret sharing (struct SS) which requires all sub-secret parameters to recover the original secret value and threshold secret sharing (threshold SS) which requires only a set of sub-secrets exceeding the set threshold (threshold) number to recover the original secret. Among the strict secret sharing methods, the most widely used scheme is additive secret sharing (ADDITIVE SECRET SHARING), and among the threshold secret sharing methods, shamir secret sharing, brickell secret sharing, brickell secret sharing, etc., the most widely used scheme is Shamir secret sharing. In the addition secret sharing, it is assumed that there are n participants in total, and the secret value is S. In the secret-splitting phase, a large prime number p is first selected such that S < p, n-1 numbers r1, r2, r n-1, each less than p, are randomly selected, and the nth share r n＝S-(r1+r2+...+rn-1) mod p is calculated. In the secret recovery phase, the secret sharing values of n participants need to be accumulated to obtain the original secret value, i.e. s= (r 1+r2+...+rn) mod p. The recovery phase requires multiple parties to communicate the respective secret sharing values as data. The design of (t, n) threshold is adopted in Shamir secret sharing, and the original secret value can be recovered only when not less than t secret sharing values, assuming that n participants are shared, the secret value is S, and the threshold is t. In the secret-segmentation stage, a large prime number p is chosen such that S < p, a polynomial f (x) =a 0+a1x+...+at-1xt-1 of order (t-1) is constructed, where a 0 =s, the other coefficients a 1,...,at-1 are randomly chosen and smaller than p, n shares are generated, each share being (x i,f(xi) mod p, where x i is a unique non-zero positive integer. In the secret recovery stage, a lagrangian interpolation formula is used,Where y i is the f (x i) value in the share, x i and x j are the x values in the share, and l i (0) is the lagrangian coefficient (constant value in the case of a participant determination) of the participant i. The recovery phase requires multiple parties to communicate the respective secret sharing values (weighted by lagrangian coefficients) as data. In either method of secret sharing, during the reco