US-12627482-B2 - Secure three-party multiplication method and system for privacy computing

Abstract

The present disclosure provides a secure three-party multiplication method and system for privacy computing, involving the technical field of privacy computing. The method includes that an auxiliary compute node generates three groups of random matrix pairs randomly and transmits the random matrix pairs to three parties, and the three parties compute respective sum matrixes based on a sum of respective random matrixes and private matrixes, respectively Â, Ĉ and {circumflex over (B)}. A second party generates a matrix set according to a sum matrix, a first party obtains T a based on the matrix set and its own secret matrix, the second party obtains T b based on its own random secret matrix and T a , and the third party generates its own random secret matrix based on T b and the matrix set, and obtains a product matrix according to three random secret matrixes. The present disclosure can improve reliability of result accuracy.

Inventors

• Haogang Zhu
• Shizhao Peng
• Jiarui TU

Assignees

• BEIHANG UNIVERSITY

Dates

Publication Date

20260512

Application Date

20231005

Priority Date

20230404

Claims (6)

1. 1 . A secure three-party multiplication method for privacy computing, which is implemented by a first participant node, a second participant node, and a third participant node as distributed computation nodes, wherein, each of the first participant node, the second participant node, and the third participant node is deployed with a distributed computing framework comprising a task acquisition module, a security computation module, a rule generation module, a consensus computation module, and a data transmission module, wherein the task acquisition module receives and parses a request for a three-party matrix multiplication computation from an external client as a three-party matrix multiplication computation requestor, and transmits the parsed request to the security computation module; the security computation module automatically matches a multi-party security computation protocol according to the parsed request; the rule generation module splits a computation task according to an asynchronous instruction set of the security computation protocol for the distributed computation nodes to perform a cooperative computation according to respective self-rules; the consensus computation module, after receiving and being assigned to the sub-rules, ensures synchronization of the computation and consistency of a result through a consensus agreement; and after completing a computation, the data transmission module collects and transmits computation results to the three-party matrix multiplication computation requestor; wherein the secure three-party multiplication method for privacy computing comprises: generating, by an auxiliary compute node, three groups of random matrix pairs randomly (R a , r a ) (R b , r b ) to the first, and (R c , r c ), sending the random matrix pair (R a , r a ) to the first participant node, sending the random matrix pair (R b , r b ) to the second participant node, and sending the random matrix pair (R c , r c ) to the third participant node, wherein r a +r b +r c =R a ·R b ·R c ; computing, by the second participant node, a sum of the random matrix R b and a private matrix B of the second participant node to obtain a matrix {circumflex over (B)}, and determining whether the matrix {circumflex over (B)} is a non-full rank matrix to obtain a first determining result; when the first determining result is no, returning to a step of generating, by the auxiliary compute node, three groups of random matrix pairs randomly, (R a , r a ) (R b , r b ) and (R c , r c ), sending the random matrix pair (R a , r a ) to the first participant node, sending the random matrix pair (R b , r b ) to the second participant node, and sending the random matrix pair (R c , r c ) to the third participant node; when the first determining result is yes, computing a matrix φ 1 according to a matrix  and the matrix {circumflex over (B)}, computing a matrix γ 1 according to the matrix  and the random matrix R b , computing a matrix φ 2 according to the matrix {circumflex over (B)} and a matrix Ĉ, computing a matrix γ 2 according to the random matrix R b and the matrix Ĉ, sending the matrix γ 1 and the matrix φ 1 to the third participant node, and sending the matrix γ 2 and the matrix φ 2 to the first participant node; wherein the matrix  is obtained by computing a sum of the random matrix R a and a private matrix A of the first participant node by the first participant node, and the matrix Ĉ is obtained by computing a sum of the random matrix R c and a private matrix C of the third participant node by the third participant node; decomposing, by the second participant node, the matrix {circumflex over (B)} through a manner of full rank decomposition to obtain a column full rank matrix B 1 and a row full rank matrix B 2 , wherein ranks of the matrix {circumflex over (B)}, the column full rank matrix B 1 , and the row full rank matrix B 2 are equal, sending the column full rank matrix B 1 to the first participant node, and sending the row full rank matrix B 2 to the third participant node; generating, by the first participant node, a secret random matrix V a randomly, computing a matrix T a according to the matrix φ 2 , the private matrix A of the first participant node, the matrix γ 2 , the random matrix R a , the secret random matrix V a and the random matrix r a , computing a matrix t 1 according to the random matrix R a and the column full rank matrix B 1 , sending the matrix T a and the matrix t 1 to the second participant node, and sending the secret random matrix V a to a three-party matrix multiplication computation requestor; generating, by the second participant node, a secret random matrix V b randomly, obtaining a matrix T b according to the matrix T a , the matrix Â, the random matrix R a , the matrix Ĉ, the matrix t 1 , a matrix t 2 , the secret random matrix V b , and the random matrix T b , sending the matrix T b to the third participant node, and sending the secret random matrix V b to the three-party matrix multiplication computation requestor; wherein the matrix t 2 is obtained by computing by the third participant node according to the row full rank matrix B 2 and the random matrix R c ; obtaining, by the third participant node, a secret random matrix V c according to the matrix T b , the matrix φ 1 , the matrix γ 1 , the random matrix R c , and the random matrix r c , and sending the secret random matrix V c to the three-party matrix multiplication computation requestor; and obtaining, by the three-party matrix multiplication computation requestor, a product matrix ABC according to the secret random matrix V a , the secret random matrix V b , and the secret random matrix V c .
2. 2 . The secure three-party multiplication method for privacy computing according to claim 1 , after the obtaining, by the three-party matrix multiplication computation requestor, a product matrix ABC according to the secret random matrix V a , the secret random matrix V b , and the secret random matrix V c , further comprising: determining, by the three-party matrix multiplication computation requestor, whether the product matrix ABC is reliable according to a self-checking matrix C a , a self-checking matrix C b , a self-checking matrix C c and a self-checking key Ckey, when the product matrix ABC is not reliable, returning to the step of generating, by the auxiliary compute node, three groups of random matrix pairs randomly (R a , r a ) (R b , r b ) and, (R c , r c ), sending the random matrix pair (R a , r a ) to the first participant node, sending the random matrix pair (R b , r b ) to the second participant node, and sending the random matrix pair (R c , r c ) to the third participant node, and when the product matrix ABC is reliable, ending computing; wherein the self-checking key Ckey is obtained by the auxiliary compute node according to the random matrix r a , the random matrix r b , and the random matrix r c ; the self-checking matrix C a is obtained by the first participant node according to the matrix φ 2 , the private matrix A of the first participant node, the matrix γ 2 the random matrix R a , and the secret random matrix V a ; the self-checking matrix C b is obtained by the second participant node according to the matrix Â, the random matrix R b , the matrix Ĉ, the matrix t 1 , the matrix t 2 , and the secret random matrix V b ; and the self-checking matrix C c is obtained by the third participant node according to the matrix φ 1 , the random matrix R c , the matrix γ 1 , and the secret random matrix V c .
3. 3 . A secure three-party multiplication method for privacy computing, which is implemented by a first participant node, a second participant node, and a third participant node as distributed computation nodes, wherein, each of the first participant node, the second participant node, and the third participant node is deployed with a distributed computing framework comprising a task acquisition module, a security computation module, a rule generation module, a consensus computation module, and a data transmission module, wherein the task acquisition module receives and parses a request for a three-party matrix multiplication computation from an external client as a three-party matrix multiplication computation requestor, and transmits the parsed request to the security computation module; the security computation module automatically matches a multi-party security computation protocol according to the parsed request; the rule generation module splits a computation task according to an asynchronous instruction set of the security computation protocol for the distributed computation nodes to perform a cooperative computation according to respective self-rules; the consensus computation module, after receiving and being assigned to the sub-rules, ensures synchronization of the computation and consistency of a result through a consensus agreement; and after completing a computation, the data transmission module collects and transmits computation results to the three-party matrix multiplication computation requestor; wherein the secure three-party multiplication method for privacy computing comprises: generating, by an auxiliary compute node, three groups of random matrix pairs randomly (R a , r a ) (R b , r b ) and (R c , r c ), sending the random matrix pair (R a , r a ) to the first participant node, sending the random matrix pair (R b , r b ) to the second participant node, and sending the random matrix pair (R c , r c ) to the third participant node, wherein r a +r b +r c =R a ·R b ·R c ; computing, by the second participant node, a sum of the random matrix R b and a private matrix B of the second participant node to obtain a matrix {circumflex over (B)}, computing a matrix φ 1 according to a matrix  and the matrix {circumflex over (B)}, computing a matrix γ 1 according to the matrix  and the random matrix R b , computing a matrix φ 2 according to the matrix {circumflex over (B)} and a matrix Ĉ, computing a matrix γ 2 according to the random matrix R b and the matrix Ĉ, and sending the matrix γ 1 and the matrix φ 1 to the third participant node, and sending the matrix γ 2 and the matrix φ 2 to the first participant node; wherein the matrix  is obtained by computing a sum of the random matrix R a and a private matrix A of the first participant node by the first participant node, and the matrix Ĉ is obtained by computing a sum of the random matrix R c and a private matrix C of the third participant node by the third participant node; decomposing, by the second participant node, the matrix {circumflex over (B)} through a manner of full rank decomposition to obtain a column full rank matrix B 1 and a row full rank matrix B 2 , wherein ranks of the matrix {circumflex over (B)}, the column full rank matrix B 1 , and the row full rank matrix B 2 are equal, sending the column full rank matrix B 1 to the first participant node, and sending the row full rank matrix B 2 to the third participant node; generating, by the first participant node, a secret random matrix randomly, and performing scheme 1 or scheme 2; wherein the scheme 1 comprises: computing a matrix T a according to the matrix φ 2 , the private matrix A of the first participant node, the matrix γ 2 , the random matrix R a , the secret random matrix V a , and the random matrix r a , computing a matrix t 1 according to the random matrix R a and the column full rank matrix B 1 , sending the matrix T a to the second participant node, sending the matrix t 1 to the third participant node, and sending the secret random matrix V a to a three-party matrix multiplication computation requestor; the scheme 2 comprises: computing a matrix T a according to the matrix φ 2 , the private matrix A of the first participant node, the matrix γ 2 , the random matrix R a , the secret random matrix V a , the column full rank matrix B 1 , a matrix t 2 and the random matrix r a , sending the matrix T a to the second participant node, and sending the secret random matrix V a to the three-party matrix multiplication computation requestor; wherein the matrix t 2 is obtained by computing by the third participant node according to the row full rank matrix B 2 and the random matrix R c ; generating, by the second participant node, a secret random matrix V b randomly, obtaining a matrix T b according to the matrix T a , the matrix Â, the random matrix R b , the matrix Ĉ, the sending the matrix V b , and the random matrix r b , secret random matrix T b to the third participant node, and sending the secret random matrix V b to the three-party matrix multiplication computation requestor; when the first participant node performs the scheme 1, obtaining, by the third participant node, a secret random matrix V c according to the matrix T b , the matrix t 1 , the row full rank B 2 matrix, the random matrix R c , the matrix φ 1 , the matrix γ 1 , and the random matrix r c , and sending the secret random matrix V c to the three-party matrix multiplication computation requestor; when the first participant node performs the scheme 2, obtaining, by the third participant node, a secret random matrix V c according to the matrix T b , the random matrix R c , the matrix φ 1 , the matrix γ 1 , and the random matrix r c , and sending the secret random matrix V c to the three-party matrix multiplication computation requestor; and obtaining, by the three-party matrix multiplication computation requestor, a product matrix ABC according to the secret random matrix V a , the secret random matrix V b , and the secret random matrix V c .
4. 4 . The secure three-party multiplication method for privacy computing according to claim 3 , after the obtaining, by the three-party matrix multiplication computation requestor, a product matrix ABC according to the secret random matrix V a , the secret random matrix V b , and the secret random matrix V c , further comprising: determining, by the three-party matrix multiplication computation requestor, whether the product matrix ABC is reliable according to a self-checking matrix C a , a self-checking matrix C b , a self-checking matrix C c and a self-checking key Ckey, when the product matrix ABC is not reliable, returning to a step of generating, by an auxiliary compute node, three groups of random matrix pairs randomly (R a , r a ) (R b , r b ) and (R c , r c ), sending the random matrix pair (R a , r a ) to the first participant node, sending the random matrix pair (R b , r b ) to the second participant node, and sending the random matrix pair (R c , r c ) to the third participant node, and when the product matrix ABC is reliable, ending computing; wherein the self-checking key Ckey is obtained by the auxiliary compute node according to the random matrix r a , the random matrix r b , and the random matrix r c ; when the first participant node performs the scheme 1, the self-checking matrix C a is obtained by the first participant node according to the matrix φ 2 , the private matrix A of the first participant node, the matrix γ 2 , the random matrix R b , and the secret random matrix V a ; the self-checking matrix C b is obtained by the second participant node according to the matrix Â, the random matrix R a , the matrix Ĉ, and the secret random matrix V b ; the self-checking matrix C c is obtained by the third participant node according to the matrix φ 1 , the random matrix R c the matrix γ 1 , the matrix t 1 , the row full rank matrix B 2 , and the secret random matrix V c ; when the first participant node performs the scheme 2, the self-checking matrix C a is obtained by the first participant node according to the matrix φ 2 , the private matrix A of the first participant node, the matrix γ 2 , random matrix R b , the secret random matrix V a , the column full rank matrix B 1 , the random matrix R a , and the matrix t 2 ; the self-checking matrix C b is obtained by the second participant node according to the matrix Â, the random matrix R a , the matrix Ĉ, and the secret random matrix V b ; and the self-checking matrix C c is obtained by the third participant node according to the matrix, the random φ 1 , the random matrix R c , the matrix γ 1 , and the secret random matrix V c .
5. 5 . A secure three-party multiplication method for privacy computing, which is implemented by a first participant node, a second participant node, and a third participant node as distributed computation nodes, wherein, each of the first participant node, the second participant node, and the third participant node is deployed with a distributed computing framework comprising a task acquisition module, a security computation module, a rule generation module, a consensus computation module, and a data transmission module, wherein the task acquisition module receives and parses a request for a three-party matrix multiplication computation from an external client as a three-party matrix multiplication computation requestor, and transmits the parsed request to the security computation module; the security computation module automatically matches a multi-party security computation protocol according to the parsed request; the rule generation module splits a computation task according to an asynchronous instruction set of the security computation protocol for the distributed computation nodes to perform a cooperative computation according to respective self-rules; the consensus computation module, after receiving and being assigned to the sub-rules, ensures synchronization of the computation and consistency of a result through a consensus agreement; and after completing a computation, the data transmission module collects and transmits computation results to the three-party matrix multiplication computation requestor; wherein the secure three-party multiplication method for privacy computing comprises: generating, by an auxiliary compute node, three groups of random matrix pairs randomly (R a , r a ) (R b , r b ) and (R c , r c ), sending the random matrix pair (R a , r a ) to a first participant node, sending the random matrix pair (R b , r b ) to a second participant node, and sending the random matrix pair (R c , r c ) to a third participant node, wherein r a +r b +r c =R a ·R b ·R c ; computing, by the second participant node, a sum of the random matrix R b and a private matrix B of the second participant node to obtain a matrix {circumflex over (B)}, and determining whether the matrix {circumflex over (B)} is a non-full rank matrix to obtain a first determining result; when the first determining result is no, returning to a step of generating, by the auxiliary compute node, three groups of random matrix pairs randomly (R a , r a ) (R b , r b ) and (R c , r c ), sending the random matrix pair (R a , r a ) to the first participant node, sending the random matrix pair (R b , r b ) to the second participant node, and sending the random matrix pair (R c , r c ) to the third participant node; when the first determining result is yes, computing a matrix φ 1 according to a matrix  and the matrix {circumflex over (B)}, computing a matrix γ 1 according to the matrix  and the random matrix R b , computing a matrix φ 2 according to the matrix {circumflex over (B)} and a matrix Ĉ, computing a matrix γ 2 according to the random matrix R b and the matrix Ĉ, and performing a first scheme or a second scheme; wherein the first scheme comprises: sending the matrix γ 1 and the matrix φ 1 to the third participant node, and sending the matrix {circumflex over (B)}, the matrix γ 2 , and the matrix φ 2 to the first participant node; the second scheme comprises: sending the matrix {circumflex over (B)}, the matrix γ 1 , and the matrix φ 1 to the third participant node, and sending the matrix γ 2 and the matrix φ 2 to the first participant node; the matrix  is obtained by computing a sum of the random matrix R a and a private matrix A of the first participant node by the first participant node, and the matrix Ĉ is obtained by computing a sum of the random matrix R c and a private matrix C of the third participant node by the third participant node; generating, by the first participant node, a secret random matrix V a randomly, when the second participant node performs the first scheme, computing, by the first participant node, a matrix according to the matrix φ 2 , the private matrix A of the first participant node, the matrix γ 2 , the random matrix R a , the secret random matrix V a , and the random matrix r a , computing a matrix t according to the random matrix R a and the matrix {circumflex over (B)}, sending the matrix T a to the second participant node, sending the matrix t to the third participant node, and sending the secret random matrix V a to a three-party matrix multiplication computation requestor; when the second participant node performs the second scheme, computing, by the first participant node, a matrix T a according to the matrix γ 2 , the private matrix A of the first participant node, the matrix γ 2 , the random matrix R a , the secret random matrix V a , the random matrix r a , and the matrix t, sending the matrix T a to the second participant node, and sending the secret random matrix V a to the three-party matrix multiplication computation requestor; wherein the matrix t is obtained by computing by the third participant node according to the random matrix R c and the matrix {circumflex over (B)}, generating, by the second participant node, a secret random matrix V b randomly, obtaining a matrix T b according to the matrix T a the matrix Â, the random matrix R b , the matrix Ĉ, the secret random matrix V b , and the random matrix r b , the sending matrix T b to the third participant node, and sending the secret random matrix V b to the three-party matrix multiplication computation requestor; when the second participant node performs the first scheme, obtaining, by the third participant node, a secret random matrix V c according to the matrix T b , the matrix t, the random, the matrix R c , the matrix φ 1 , the matrix γ 1 , and the random matrix r c , and sending the secret m matrix R c , the matrix φ 1 , the matrix γ 1 , and the random matrix r c , and sending the secret random matrix V c to the three-party matrix multiplication computation requestor; when the second participant node performs the second scheme, obtaining, by the third participant node, a secret random matrix V c according to the matrix T b , the random matrix R c , the matrix φ 1 , the matrix γ 1 , and the random matrix r c , and sending the secret random matrix V c to the three-party matrix multiplication computation requestor; and obtaining, by the three-party matrix multiplication computation requestor, a product matrix ABC according to the secret random matrix V a , the secret random matrix V b , and the secret random matrix V c .
6. 6 . The secure three-party multiplication method for privacy computing according to claim 5 , after the obtaining, by the three-party matrix multiplication computation requestor, a product matrix ABC according to the secret random matrix V a , the secret random matrix V b , and the secret random matrix Ve, further comprising: determining, by the three-party matrix multiplication computation requestor, whether the product matrix ABC is reliable according to a self-checking matrix C a , a self-checking matrix C b , a self-checking matrix C c and a self-checking key Ckey, when the product matrix ABC is not reliable, returning to the step of generating, by an auxiliary compute node, three groups of random matrix pairs randomly (R a , r a ) (R b , r b ) and (R c , r c ), sending the random matrix pair A (R a , r a ) to the first participant node, sending the random matrix pair (R b , r b ) to the second participant node, and sending the random matrix pair (R c , r c ) to the third participant node, and when the product matrix ABC is reliable, ending computing; wherein the self-checking key Ckey is obtained by the auxiliary compute node according to the random matrix r a , the random matrix r b , and the random matrix r c ; when the second participant node performs the first scheme, the self-checking matrix C a a is obtained by the first participant node according to the matrix φ 2 , the private matrix A of the first participant node, the matrix γ 2 , the random matrix R a , a and the secret random matrix V a ; the self-checking matrix C b is obtained by the second participant node according to the matrix Â, the random matrix R b , the matrix Ĉ, and the secret random matrix V b ; and the self-checking matrix C c is obtained by the third participant node according to the matrix φ 1 ; the matrix γ 1 , the matrix t, the random matrix R c , and the secret random matrix V c ; when the second participant node performs the second scheme, the self-checking matrix C a is obtained by the first participant node according to the matrix φ 2 , the private matrix A of the first participant node, the matrix γ 2 , the random matrix R a , the matrix t, and the secret random matrix V a ; the self-checking matrix C b is obtained by the second participant node according to the matrix Â, the random matrix R b , the matrix Ĉ, and the secret random matrix V b ; and the self-checking matrix C c is obtained by the third participant node according to the matrix φ 1 , the random matrix R c , the matrix γ 1 , and the secret random matrix V c .

Description

CROSS REFERENCE TO RELATED APPLICATION This patent application claims the benefit and priority of Chinese Patent Application No. 202310348483.3, filed with the China National Intellectual Property Administration on Apr. 4, 2023, the disclosure of which is incorporated by reference herein in its entirety as part of the present application. TECHNICAL FIELD The present disclosure relates to the technical field of privacy computing, and in particular, to a secure three-party multiplication method and system for privacy computing. BACKGROUND With the innovation and application of artificial intelligence and big data technologies, the world has officially entered the “data-driven” era, and data has become an important strategic resource for countries and enterprises. However, in the era of big data, it is necessary to achieve opening and sharing of data, and how to realize “availability but invisibility” of the data, to solve a problem of a data island to realize the interconnection and fusion analysis of the data becomes an urgent problem to be solved. A privacy computing technology not only realizes safe circulation of the data but also effectively ensures separation of data ownership and data use right on the premise that original data privacy is effectively guaranteed not to be disclosed. The privacy computing technology is widely used in application scenarios such as joint mining of big data, and joint modeling of machine learning, which involve a large quantity of matrix multiplication computations. For example, a convolutional layer in a training neural network has a large quantity of high-dimensional security matrix product operations; in a support vector machine classification, computing a spacing distance involves a multiplication computation of a vector; in a K-Means clustering problem, computing a Euclidean distance also involves a large quantity of matrix multiplication computations; and in a linear regression problem, whether gradient optimization or least square is related to the matrix multiplication computations. The existing privacy computing scheme includes a homomorphic encryption-based scheme and a differential privacy-based scheme. Although the homomorphic encryption-based scheme has a strong mathematical complexity theory support in security guarantee, excessive pursuit of security and a large quantity of modulo operations are involved so that computation complexity thereof is high, a computation speed is slow, ciphertext computation difficulty is upgraded and depends on a large quantity of computation resources, and accuracy of a computation result is not reliable. The scheme based on a differential privacy technology has the advantage of being highly secure against attacks by malicious nodes on original data, but has the disadvantage that introduction of noise leads to low accuracy reliability of a final matrix computation result. SUMMARY The present disclosure aims to provide a secure three-party multiplication method and system for privacy computing, which can improve reliability of result accuracy. To achieve the above objective, the present disclosure provides the following technical solutions. A secure three-party multiplication method for privacy computing includes: generating, by an auxiliary compute node, three groups of random matrix pairs randomly (Ra, ra) (Rb, rb) and (Rc, rc), sending the random matrix pair (Ra, ra) to a first participant, sending the random matrix pair (Rb, rb) to a second participant, and sending the random matrix pair (Rc, rc) to a third participant, wherein ra+rb+rc=Ra·Rb·Rc;computing, by the second participant, a sum of a random matrix Rb and a private matrix B of the second participant to obtain a matrix {circumflex over (B)}, and determining whether the matrix {circumflex over (B)} is a non-full rank matrix to obtain a first determining result;if the first determining result is no, returning to the step of generating, by an auxiliary compute node, three groups of random matrix pairs randomly (Ra, rd) (Rb, rb) and (Re, rc), sending the random matrix pair (Ra, ra) to a first participant, sending the random matrix pair (Rb, rb) to a second participant, and sending the random matrix pair (Rc, rc) to a third participant;if the first determining result is yes, computing a matrix φ1 according to a matrix and the matrix {circumflex over (B)}, computing a matrix γ1 according to the matrix  and the random matrix Rb, computing a matrix φ2 according to the matrix {circumflex over (B)} and a matrix Ĉ, computing a matrix γ2 according to the random matrix Rb and the matrix Ĉ, sending the matrix γ1 and the matrix φ1 to the third participant, and sending the matrix γ2 and the matrix φ2 to the first participant; wherein the matrix  is obtained by computing a sum of a random matrix Ra and a private matrix A of the first participant by the first participant, and the matrix Ĉ is obtained by computing a sum of a random matrix Rc, and a private matrix C of the third partici