Data processing method and device, equipment and storage medium

By using pre-defined task flows for computation commands, users can perform secure multi-party computations without needing to master complex knowledge. This solves the problems of cumbersome construction processes and low efficiency in existing technologies, and improves the ease of operation and security.

CN114386038BActive Publication Date: 2026-07-07WEBANK (CHINA)

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
WEBANK (CHINA)
Filing Date
2020-10-16
Publication Date
2026-07-07

AI Technical Summary

Technical Problem

Building secure multi-party computation programs is cumbersome and inefficient. Users need to master complex cryptography, machine learning, and other knowledge, and also need to perform tedious code construction.

Method used

By pre-setting the task flow corresponding to the calculation command, the user only needs to input the secure multi-party computation instruction, and the system will automatically execute the task flow of the target calculation command to achieve secure multi-party computation, avoiding the need for detailed processing flow and code construction of secure multi-party computation.

Benefits of technology

It improves the efficiency of building secure multi-party computation program flows, reduces time and manpower costs, enhances user convenience, and reduces the risk of human error and privacy data leakage.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN114386038B_ABST
    Figure CN114386038B_ABST
Patent Text Reader

Abstract

A data processing method, device and equipment and storage medium are disclosed, which are applied to a first device. The method comprises the following steps: receiving a secure multi-party computation instruction, wherein the secure multi-party computation instruction comprises at least one target operation command and a federated dataset identifier; determining a first dataset local to the first device according to the federated dataset identifier; calling and executing a first sub-process in a task flow corresponding to each target operation command to perform secure computation on the first dataset and obtain a first sub-operation result; and combining the first sub-operation result and at least one second sub-operation result to obtain a secure multi-party computation result. The method can improve the program flow construction efficiency of secure multi-party computation.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of computers, and more particularly to a data processing method, apparatus, device, and storage medium. Background Technology

[0002] In some business scenarios, multiple business platforms collect their own business data. For example, browser platforms collect users' web browsing data, and e-commerce platforms collect users' online shopping data. This business data is valuable and is usually stored as the business platforms' private information. Each business platform does not expect to share its raw business data with other business platforms. However, in some situations, multiple business platforms may wish to perform collaborative computations without disclosing their respective business data to improve processing capabilities. For example, browser platforms and e-commerce platforms may want to use web search data and e-commerce data to build more accurate recommendation models. Based on these models, browser platforms can more accurately recommend web pages or advertisements to users, and e-commerce platforms can more accurately recommend products to users.

[0003] Secure Multi-Party Computation (SMC) addresses the problem of privacy-preserving collaborative computation among a group of mutually distrustful parties. Multiple business platforms can act as participants, leveraging SMC to collaboratively compute business data without disclosing their individual data. Staff on each platform can utilize cryptography, machine learning, and distributed learning to build a program flow for secure multi-party computation. The platforms then execute this program flow to communicate and collaborate on the computation, achieving secure multi-party computation of the business data.

[0004] However, when building a program flow for secure multi-party computation, users need to build function libraries such as cryptographic function libraries, communication libraries, and distributed computing frameworks on the business platform through code, and then use the function libraries and code to build the entire program flow for secure multi-party computation from the bottom up. This operation is cumbersome and inefficient. Summary of the Invention

[0005] The main objective of this invention is to provide a data processing method, apparatus, device, and storage medium, which aims to improve the efficiency of program flow construction for secure multi-party computation.

[0006] To achieve the above objectives, in a first aspect, the present invention provides a data processing method applied to a first device, comprising:

[0007] Receive secure multi-party computation instructions, the secure multi-party computation instructions including at least one target computation command and a federated dataset identifier;

[0008] The first dataset local to the first device is determined based on the federated dataset identifier;

[0009] Call and execute the first sub-process in the task flow corresponding to each target operation command, perform secure computation on the first dataset, and obtain the result of the first sub-operation;

[0010] By combining the result of the first sub-operation and at least one second sub-operation result, a secure multi-party computation result is obtained;

[0011] The result of each second sub-operation is obtained by each second device querying the second dataset locally based on the federated dataset identifier in the secure multi-party computation instruction; calling and executing the second sub-process in the task flow corresponding to each target computation command; and performing secure computation on the second dataset.

[0012] In a second aspect, the present invention provides a data processing apparatus applied to a first device, the apparatus comprising:

[0013] A receiving module is configured to receive secure multi-party computation instructions, wherein the secure multi-party computation instructions include at least one target computation command and a federated dataset identifier;

[0014] The processing module is configured to determine the first dataset local to the first device based on the federated dataset identifier; call and execute the first sub-process in the task flow corresponding to each target operation command, perform secure computation on the first dataset, and obtain the first sub-operation result; combine the first sub-operation result and at least one second sub-operation result to obtain a secure multi-party computation result;

[0015] The result of each second sub-operation is obtained by each second device querying the second dataset locally based on the federated dataset identifier in the secure multi-party computation instruction; calling and executing the second sub-process in the task flow corresponding to each target computation command; and performing secure computation on the second dataset.

[0016] Thirdly, the present invention provides an electronic device, comprising: a memory, a processor, and a data processing program stored in the memory and executable on the processor, wherein the data processing program, when executed by the processor, implements the steps of the data processing method described in the first aspect above.

[0017] Fourthly, the present invention provides a data processing system comprising at least two electronic devices as described in the third aspect above.

[0018] Fifthly, the present invention provides a computer-readable storage medium storing a data processing program, which, when executed by a processor, implements the steps of the data processing method described in the first aspect above.

[0019] In this invention, a first device receives a secure multi-party computation instruction, which includes at least one target computation command and a federated dataset identifier; determines a first dataset locally on the first device based on the federated dataset identifier; invokes and executes a first sub-process in the task flow corresponding to each target computation command to perform secure computation on the first dataset and obtain a first sub-computation result; combines the first sub-computation result and at least one second sub-computation result to obtain a secure multi-party computation result; wherein each second sub-computation result is obtained by each second device querying the second dataset locally on the second device based on the federated dataset identifier in the secure multi-party computation instruction; and invoking and executing a second sub-process in the task flow corresponding to each target computation command to perform secure computation on the second dataset. The system obtains a secure multi-party computation result by calling and executing the first sub-process in the task flow corresponding to each target operation command through the first device. The first sub-operation result is then combined with the second sub-operation results obtained by each second device. This allows users to input secure multi-party computation instructions, and the system can achieve secure multi-party computation by calling and executing the task flow corresponding to the target operation command. This eliminates the need for relevant personnel to learn and master the detailed processing flow and complex related knowledge of secure multi-party computation, and eliminates the need to build code for each specific detailed task flow of secure multi-party computation. Only the task flow corresponding to the simple operation command needs to be built. The time and manpower costs consumed in building or implementing secure multi-party computation are low, and it can improve the convenience of user operation and the efficiency of building the program flow of secure multi-party computation. Attached Figure Description

[0020] Figure 1 This is a schematic diagram of a scenario for a data processing method provided in an embodiment of the present invention;

[0021] Figure 2 This is a flowchart illustrating a data processing method provided in an embodiment of the present invention;

[0022] Figure 3 A flowchart illustrating a data processing method provided in another embodiment of the present invention;

[0023] Figure 4A This is a schematic diagram illustrating the task flow of the summation command provided in this embodiment of the invention under a homomorphic computation protocol with a third party.

[0024] Figure 4B This is a schematic diagram illustrating the task flow of the summation command provided in this embodiment of the invention under a homomorphic computation protocol without a third party.

[0025] Figure 4C This is a schematic diagram illustrating the task flow of the summation command under the secret sharing protocol provided in an embodiment of the present invention.

[0026] Figure 5A This is a schematic diagram of a federated dataset constructed in a lateral connection manner, as provided in an embodiment of the present invention.

[0027] Figure 5B This is a schematic diagram of a federated dataset constructed in a vertically connected manner, as provided in an embodiment of the present invention.

[0028] Figure 6 A schematic diagram of a configuration interface provided in an embodiment of the present invention;

[0029] Figure 7 This is a schematic diagram of the structure of a data processing device provided in an embodiment of the present invention;

[0030] Figure 8 This is a schematic diagram of the hardware structure of an electronic device provided in an embodiment of the present invention.

[0031] The realization of the objective, functional features and advantages of the present invention will be further explained in conjunction with the embodiments and with reference to the accompanying drawings. Detailed Implementation

[0032] Exemplary embodiments of the present disclosure will now be described in more detail with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be implemented in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.

[0033] Figure 1This is a schematic diagram illustrating a data processing method according to an embodiment of the present invention. The scenario includes a first business platform 11, a second business platform 12, a first terminal device 13, and a second terminal device 14. The first business platform 11 and the second business platform 12 can be electronic devices such as servers or computers. The first terminal device 13 and the second terminal device 14 can be electronic devices such as mobile phones, tablets, desktop computers, smart speakers, or smart wearable devices. The first terminal device 13 communicates with the first business platform 11 via wired or wireless means. The second terminal device 14 communicates with the second business platform 12 via wired or wireless means. The first business platform 11 communicates with the second business platform 12 via wired or wireless means. The first business platform 11 collects and stores user business data through the first terminal device 13. The second business platform 12 collects and stores user business data through the second terminal device 14. The first business platform 11 and the second business platform 12 utilize secure multi-party computation to achieve collaborative computation of business data, thereby improving business processing capabilities. There are no restrictions on business data here. For example, business data can be personal privacy data, personal credit data, key data used for information security storage, electronic ballot data, etc. Personal privacy data can be web browsing data, online shopping data, travel data, food ordering data, etc.

[0034] Taking a first business platform 11 as a browser platform and a second business platform 12 as an online shopping platform as an example, a user accesses the web browsing service provided by the first business platform 11 through a first terminal device 13, and the first business platform 11 stores the user's web browsing data. A user accesses the online shopping service provided by the second business platform 12 through a second terminal device 14, and the second business platform 12 stores the user's online shopping data. The first business platform 11 and the second business platform 12 use a secure multi-party computation method to collaboratively compute web search data and online shopping data to generate training samples. Based on these training samples, the first recommendation model of the first business platform 11 is trained to improve the accuracy of the first recommendation model in recommending web pages or advertisements to users. Similarly, based on these training samples, the second recommendation model of the second business platform 12 is trained to improve the accuracy of the second recommendation model in recommending products to users.

[0035] It should be noted that the above scenario uses the first business platform 11 and the second business platform 12 as examples, but it is not a limitation. There can be more than two participants in the secure multi-party computation. The number of participants is not limited here.

[0036] In the above scenario, staff from the first business platform 11 and the second business platform 12 need to negotiate and determine the relevant procedures for secure multi-party computation. Then, based on knowledge of cryptography, machine learning, and distributed learning, and the procedures negotiated with the staff of the second business platform 12, staff from the first business platform 11 construct and implement the secure multi-party computation program flow through code. Similarly, staff from the second business platform 12, also based on knowledge of cryptography, machine learning, and distributed learning, and the procedures negotiated with the staff of the first business platform 11, construct and implement the secure multi-party computation program flow through code on the second business platform 12. Finally, the first and second business platforms 11 execute the program flow to communicate and collaborate on computation, thereby achieving secure multi-party computation of business data.

[0037] However, when constructing the program flow for secure multi-party computation, the staff of the first business platform 11 and the second business platform 12 need to build function libraries such as cryptographic function libraries, communication libraries, and distributed computing frameworks on their own business platforms, and then use the function libraries and code to build the entire program flow for secure multi-party computation from the bottom up. This operation is cumbersome and inefficient.

[0038] This invention proposes a method for secure multi-party computation based on computation commands and pre-set task flows corresponding to those commands. By pre-setting multiple task flows corresponding to computation commands for each device participating in the secure multi-party computation, users can input secure multi-party computation instructions, and the system can then call and execute the task flows corresponding to the target computation command to achieve secure multi-party computation. This eliminates the need for relevant personnel to learn and master the detailed processing flow and complex related knowledge of secure multi-party computation, and eliminates the need to construct code for each specific detailed task flow of secure multi-party computation. Only the task flows corresponding to simple computation commands need to be constructed. The time and manpower costs consumed in constructing or implementing secure multi-party computation are low, and it can improve the convenience of user operation and the efficiency of constructing program flows for secure multi-party computation.

[0039] Figure 2 This is a flowchart illustrating a data processing method according to an embodiment of the present invention. In this embodiment, multiple devices participate in secure multi-party computation, and the data processing method can be applied to any of these devices. Each of the multiple devices processes data according to this data processing method. The device currently acting as the executing entity is referred to as the first device, and the other devices are referred to as second electronic devices. Figure 2 As shown, the method includes:

[0040] S201. Receive secure multi-party computation instructions, which include at least one target computation command and a federated dataset identifier.

[0041] S202. Determine the first dataset local to the first device based on the federated dataset identifier.

[0042] In this embodiment, the first device locally stores its own original dataset, known as the first dataset, and each second device locally stores its own original dataset, known as each second dataset. Both the first and second datasets include their respective business data. Each of the first and second devices has pre-configured task flows corresponding to multiple computation commands. Each computation command's task flow includes a first sub-flow executed by the first device and a second sub-flow executed by each of the second devices. When each computation command's task flow is executed, the first device and each of the second devices perform the secure multi-party computation corresponding to that computation command.

[0043] The operation commands may include, but are not limited to, at least one of the following: summation command, mean command, standard deviation command, matrix multiplication command, bitwise OR command, bitwise AND command, difference command, correlation command, etc.

[0044] The first device and each of the second devices can pre-configure the task flows corresponding to each computation command by running an executable installation package. For example, a user on the first device inputs the executable installation package of the secure multi-party computation system into the first device and then triggers the command to run the executable installation package. After the first device executes the executable installation package, the secure multi-party computation system is installed on the first device, and the secure multi-party computation system has pre-configured task flows corresponding to each computation command. Each of the second devices also pre-configures the task flows corresponding to each computation command in the same way. In this way, the user does not need to build the specific implementation code of the task flows.

[0045] In this embodiment, the secure multi-party computation instructions received by the first device can be input by the user. The user can edit the secure multi-party computation instructions according to their needs and input them into the first device. The user can select at least one target computation command from the preset computation commands in the first device, and combine the at least one target computation command with the federated dataset identifier to form a secure multi-party computation instruction.

[0046] For example, the identifier for a federated dataset is denoted as dataset, the summation command is denoted as sum(), and the user-edited secure multi-party computation command is as follows:

[0047] a = dataset * 2

[0048] b = a.Sum()

[0049] The above secure multi-party computation instruction means that the data of each field in the dataset of each party is multiplied by 2 according to the secure multi-party computation method to obtain an intermediate dataset a, and then the data of each field in the intermediate dataset a is summed according to the secure multi-party computation method to obtain the operation result b.

[0050] A federated dataset identifier is used to identify a federated dataset, which may include a first dataset and virtual pointer datasets of each second dataset. For example, if the participants in secure multi-party computation are a first device A and two second devices B and C, the federated dataset can be represented as dataset(A,[B],[C]), where A represents the first dataset, [B] represents the virtual pointer dataset of the second dataset local to second device B, and [C] represents the virtual pointer dataset of the second dataset local to second device C. After receiving a secure multi-party computation instruction, the first device can determine the federated dataset corresponding to the federated dataset identifier and determine the first dataset local to the first device based on the federated dataset.

[0051] S203. Call and execute the first sub-process in the task flow corresponding to each target operation command, perform safe computation on the first dataset, and obtain the result of the first sub-operation.

[0052] S204. Combine the result of the first sub-operation and at least one second sub-operation to obtain a secure multi-party computation result.

[0053] The result of each second sub-operation is obtained by each second device querying the second dataset on its local machine according to the federated dataset identifier in the secure multi-party computation instruction; calling and executing the second sub-process in the task flow corresponding to each target operation command; and performing secure computation on the second dataset.

[0054] In this embodiment, the first device can determine the task flow corresponding to each target operation command from the task flows corresponding to multiple preset operation commands, call and execute the first sub-process in the task flow corresponding to each target operation command, perform secure calculation on the first dataset on the local machine of the first device, and obtain the first sub-operation result.

[0055] Users of the first device and users of each of the second devices can, based on negotiation, input the same secure multi-party computation instruction into their respective devices. Upon receiving the secure multi-party computation instruction, each second device first queries its local second dataset based on the federated dataset identifier in the instruction; then, it calls and executes the second sub-process in the task flow corresponding to each target computation command to perform secure computation on the local second dataset and obtain the second sub-computation result.

[0056] After the first device obtains the result of the first sub-operation and each of the second devices obtains the result of the second sub-operation, the first device and each of the second devices can combine the result of the first sub-operation and at least one result of the second sub-operation to obtain a secure multi-party computation result. Optionally, S204 can be implemented, including but not limited to, through at least one of the following methods:

[0057] In the first implementation, after each second device obtains the result of the second sub-operation, it sends the result of the second sub-operation to the first device. The first device performs a joint operation on the result of the first sub-operation and the results of each second sub-operation to obtain the secure multi-party computation result.

[0058] In the second implementation, after the first device obtains the result of the first sub-operation, it sends the result of the first sub-operation to a designated second device, which then performs a joint operation on the result of the first sub-operation and each of the second sub-operation results to obtain a secure multi-party computation result.

[0059] In the third implementation, after the first device obtains the first sub-operation result and each of the second devices obtains the second sub-operation results, the first device sends the first sub-operation result to the coordinating device, and each of the second devices sends its own second sub-operation result to the coordinating device. The coordinating device is a third party other than the first and second devices. The coordinating device performs a joint operation on the first sub-operation result and each of the second sub-operation results to obtain a secure multi-party computation result.

[0060] In this embodiment of the invention, a first device receives a secure multi-party computation instruction, which includes at least one target computation command and a federated dataset identifier; determines a first dataset locally on the first device based on the federated dataset identifier; invokes and executes a first sub-process in the task flow corresponding to each target computation command to perform secure computation on the first dataset and obtain a first sub-computation result; combines the first sub-computation result and at least one second sub-computation result to obtain a secure multi-party computation result; wherein each second sub-computation result is obtained by each second device querying a second dataset locally on the second device based on the federated dataset identifier in the secure multi-party computation instruction; and invoking and executing a second sub-process in the task flow corresponding to each target computation command to perform secure computation on the second dataset. The system obtains a secure multi-party computation result by calling and executing the first sub-process in the task flow corresponding to each target operation command through the first device. The first sub-operation result is then combined with the second sub-operation results obtained by each second device. This allows users to input secure multi-party computation instructions, and the system can achieve secure multi-party computation by calling and executing the task flow corresponding to the target operation command. This eliminates the need for relevant personnel to learn and master the detailed processing flow and complex related knowledge of secure multi-party computation, and eliminates the need to build code for each specific detailed task flow of secure multi-party computation. Only the task flow corresponding to the simple operation command needs to be built. The time and manpower costs consumed in building or implementing secure multi-party computation are low, and it can improve the convenience of user operation and the efficiency of building the program flow of secure multi-party computation.

[0061] Figure 3 This is a flowchart illustrating a data processing method provided in another embodiment of the present invention. Figure 2 Based on the illustrated embodiment, the task flow corresponding to each target operation command includes task flows under multiple security protocols. This embodiment provides a detailed description of the specific implementation process for configuring security protocols. Figure 3 As shown, the method includes:

[0062] S301. Receive configuration information input by the user, wherein the configuration information includes secure multi-party computation instructions and target security protocols; the secure multi-party computation instructions include at least one target computation command and a federated dataset identifier.

[0063] In this embodiment, for the same operation, the secure multi-party computation process differs under different security protocols. The first device pre-configures task flows under multiple security protocols corresponding to each operation command, allowing users to select the security protocol they need for secure multi-party computation. The security protocols may include, but are not limited to, at least one of the following: homomorphic computation protocols with a third party, homomorphic computation protocols without a third party, and secret sharing protocols.

[0064] Taking the summation command as an example, assuming the original datasets held by each party are horizontally connected datasets, and there are three parties, A, B, and C, participating in secure multi-party computation, the task flow of the summation command under a homomorphic computation protocol with a third party can be as follows: Figure 4A As shown, the task flow of the summation command under a third-party homomorphic computation protocol can be as follows: Figure 4B As shown, the task flow of the summation command under the secret sharing protocol can be as follows: Figure 4C As shown.

[0065] like Figure 4A As shown, the task flow of the summation command under a homomorphic computation protocol with a third party specifically includes: the third party acts as a coordinator, generating a public key and sending it to parties A, B, and C respectively. Parties A, B, and C each sum their respective datasets column-wise, and then encrypt their datasets column-wise using their generated private keys and the received public keys, sending the encrypted datasets to the other two parties. Parties A, B, and C each add the encrypted datasets sent by the other two parties to their own encrypted dataset to obtain the result of the summation command.

[0066] like Figure 4B As shown, the task flow of the summation command under a homomorphic computation protocol without a third party specifically includes: A generates a public key and a private key, and sends the public key to B and C. Each of A, B, and C sums the columns of their respective datasets. A encrypts the dataset column-by-column using its own generated private key and public key, and sends the encrypted dataset to B. B adds its own column-by-column summed dataset to the dataset sent by A, and sends the resulting dataset to C. C adds its own column-by-column summed dataset to the dataset sent by A, and sends the resulting dataset to B and C respectively. The resulting dataset is the result of the summation command.

[0067] like Figure 4C As shown, the task flow of the summation command under the secret sharing protocol specifically includes: Parties A, B, and C each sum the columns of their respective datasets, then split the resulting dataset into three dataset fragments, and send them to three neutral servers: Neutral Server 1, Neutral Server 2, and Neutral Server 3. Neutral Server 1, Neutral Server 2, and Neutral Server 3 each calculate the results of the dataset fragments sent by Parties A, B, and C, and summarize the three dataset fragment results. Then, any one of Neutral Server 1, Neutral Server 2, and Neutral Server 3 adds the dataset fragment results of the three parties together to obtain the result of the summation command.

[0068] The first device can display multiple security protocols it supports to the user, allowing the user to select the desired protocol. The security protocol selected by the user is the target security protocol.

[0069] Optionally, S301 may include at least one of the following two implementations:

[0070] In the first implementation, a configuration interface is displayed, and configuration information input by the user for the controls within the configuration interface is received.

[0071] In this implementation, the first device can display a configuration interface. The configuration interface may include controls for inputting configuration information, allowing the user to enter this information. The first device receives the configuration information input by the user using the controls on the configuration interface. Through the configuration interface, the user can easily configure the secure multi-party system. Each second device can also receive the configuration information configured by the user according to this implementation.

[0072] In the second implementation, a configuration file containing configuration information input by the user is received, and the configuration information is extracted from the configuration file, wherein the configuration file is sent by any second device.

[0073] In this implementation, devices participating in secure multi-party computation can configure the system's configuration information by exporting and importing configuration files. Any second device participating in the secure multi-party computation can export its configuration information as a configuration file upon receiving an export command from a user, and then transmit it to the user of the first device via email or other secure means. The user of the first device can input the configuration file into the first device, which automatically extracts the configuration information from the configuration file and performs automatic configuration. This ensures that the configuration information of all devices participating in the secure multi-party computation remains identical and achieves automatic configuration, improving configuration convenience.

[0074] S302. Determine the first dataset local to the first device based on the federated dataset identifier.

[0075] S303. Call and execute the first sub-process of each target operation command in the task flow under the target security protocol, perform secure calculation on the first dataset, and obtain the result of the first sub-operation.

[0076] In this embodiment, when executing each target operation command, the first device can select the first sub-process in the task flow under the target security protocol from the task flow under each security protocol corresponding to the target operation command for execution.

[0077] S304. Combine the result of the first sub-operation and at least one second sub-operation to obtain a secure multi-party computation result.

[0078] The result of each second sub-operation is obtained by each second device querying the local second dataset based on the federated dataset identifier in the secure multi-party computation instruction; calling and executing the second sub-process in the task flow of each target computation command under the target security protocol to perform secure computation on the second dataset.

[0079] In this embodiment, the configuration information received by each second device is the same as the configuration information received by the first device. Accordingly, each second device calls and executes the second sub-process in the task flow of each target operation command under the target security protocol to perform secure computation on the second dataset and obtain the second sub-operation result.

[0080] This embodiment obtains a secure multi-party computation (MMC) result by having a first device call and execute the first sub-process in the task flow corresponding to each target computation command, and then combining the first sub-process result with the second sub-process results obtained by each second device. This allows users to input secure MMC commands, and the system can achieve secure MMC by calling and executing the task flow corresponding to the target computation command. It eliminates the need for personnel to learn and master the detailed processing flow and complex related knowledge of secure MMC, and eliminates the need to code each specific task flow of secure MMC. Only the task flow corresponding to a simple computation command needs to be constructed. The time and manpower costs of constructing or implementing secure MMC are low, and it improves user convenience and the efficiency of constructing the program flow for secure MMC. Furthermore, by pre-setting multiple task flows under various security protocols for each computation command, users can flexibly choose the security protocol to use according to their needs, improving applicability.

[0081] As an embodiment of the present invention, based on any of the above embodiments, the federated dataset is identified as the identifier of the federated dataset, which includes a first dataset and virtual pointer datasets of each second dataset.

[0082] The method also includes:

[0083] Generate virtual pointer datasets pointing to each of the second datasets;

[0084] The first dataset and each virtual pointer dataset are combined to form a federated dataset;

[0085] Display the federated dataset.

[0086] In this embodiment, the first device can generate virtual pointer datasets pointing to each of the second datasets. The dimensions of the virtual pointer datasets are the same as the dimensions of the second datasets they point to, and the elements in the virtual pointer datasets are virtual pointers. The first device can construct a federated dataset from its local first dataset and the virtual pointer datasets, and then display it to the user in a view format. Optionally, the first device can construct the federated dataset from its local first dataset and the virtual pointer datasets using either a horizontal or vertical join method; this is not limited here.

[0087] This embodiment generates virtual pointer datasets pointing to each second dataset, and together with the first dataset local to the first device, forms a federated dataset, which is then displayed to the user, making it convenient for the user to view and manage the federated dataset.

[0088] Optionally, the first device can construct a federated dataset from the first dataset and each virtual pointer dataset according to the target join method. The target join method can be input by the user, for example, included in the configuration information. The target join method can include horizontal join or vertical join. Horizontal join refers to the original datasets held by the devices participating in secure multi-party computation having the same structure but different content. Vertical join refers to the original datasets held by the devices participating in secure multi-party computation having a defined correspondence between rows, generally representing the same entity, such as a user, company, or product, but the data structures of each device are different.

[0089] The first device can construct a federated dataset from the first local dataset and each virtual pointer dataset according to the target connection method configured by the user, and then display it to the user in the form of a view.

[0090] like Figure 5A The diagram illustrates a federated dataset constructed using a horizontal connection method. The participants in the secure multi-party computation are A, B, and C. A holds the original dataset containing the age, gender, and place of origin data for users 1 and 2; B holds the original dataset containing the age, gender, and place of origin data for users 3 and 4; and C holds the original dataset containing the age, gender, and place of origin data for users 5 and 6. The device currently displaying the federated dataset is device A. The data corresponding to A in the federated dataset is the actual original data, while the data corresponding to B and C are virtual pointers. A can manage and view the local dataset and the virtual pointers to B and C through the federated dataset displayed on its device, but cannot view the original data of B and C.

[0091] like Figure 5BThe diagram illustrates a federated dataset structured vertically. The secure multi-party computation involves three parties: A, B, and C. A holds the original dataset containing data on the age, gender, and place of origin of users 1 and 2. B holds the original dataset containing data on the addresses, income, and workplaces of users 1 and 2. C holds the original dataset containing data on loans, real estate, and credit cards of users 1 and 2. The device currently displaying the federated dataset is A's device. The data corresponding to A in the federated dataset is the actual original data, while the data corresponding to B and C are virtual pointers. A can manage and view its local dataset and the virtual pointers to B and C through the federated dataset displayed on its device, but cannot view the original data of B and C.

[0092] As an embodiment of the present invention, the configuration information further includes a target connection method, which includes a horizontal connection method or a vertical connection method. The method further includes:

[0093] When executing the first sub-process, display the intermediate datasets and / or the results of the first sub-operation generated during the execution process, according to the target connection method.

[0094] In this embodiment, the horizontal connection method indicates that the datasets are connected horizontally, and the vertical connection method indicates that the datasets are connected vertically. During the invocation and execution of the first sub-process, the first device generates an intermediate dataset and the result of the first sub-operation. The first device can display the intermediate dataset and / or the result of the first sub-operation generated during execution according to the target connection method, so that the user can view the intermediate dataset and the result of the first sub-operation in the secure multi-party computation.

[0095] As an embodiment of the present invention, based on any of the above embodiments, the configuration information may further include a result disclosure method, wherein the result disclosure method includes disclosing the secure multi-party computation results to the coordinating device and / or disclosing the secure multi-party computation results to at least one designated device participating in the secure multi-party computation;

[0096] The method also includes:

[0097] When the method of disclosing the results includes disclosing the secure multi-party computation results to the coordinating party's equipment, the computation results are sent to the coordinating party's equipment;

[0098] When the method of disclosing the results includes disclosing the secure multi-party computation results to at least one designated device participating in the secure multi-party computation, the secure multi-party computation results are sent to at least one designated device participating in the secure multi-party computation.

[0099] In this embodiment, the method of disclosing the results can be determined through negotiation among the participating parties in the secure multi-party computation, and then each participating party configures its own device. Users can configure the method of disclosing the results of the secure multi-party computation, choosing to disclose the computation results to the coordinating party's device; or, choosing to disclose the computation results to at least one designated device participating in the secure multi-party computation; or, choosing to disclose the computation results to both the coordinating party's device and at least one designated device participating in the secure multi-party computation.

[0100] By selectively sending computation results to the coordinating device and at least one designated device according to the result disclosure method configured by the user, it is convenient for users to configure the result disclosure method.

[0101] As an embodiment of the present invention, based on any of the above embodiments, the method further includes:

[0102] Acquire secure multi-party computation instructions received by each second device;

[0103] When the secure multi-party computation instruction received by the first device is the same as the secure multi-party computation instruction received by each of the second devices, the first sub-process in the task flow corresponding to each target computation command is invoked and executed.

[0104] If the secure multi-party computation instruction received by the first device is different from the secure multi-party computation instruction received by any second device, a prompt message is displayed to indicate that the secure multi-party computation instruction cannot be executed.

[0105] In this embodiment, the first device and each of the second devices can collaboratively execute the secure multi-party computation (SMC) instruction only when the secure MCC instruction received by the first device is identical to the secure MCC instructions received by each of the second devices. The first device can acquire the secure MCC instructions received by each of the second devices and compare the secure MCC instructions configured by the user for the first device with those configured by other users for each of the second devices. If they are identical, the first sub-process in the task flow corresponding to each target operation command in the secure MCC instruction is executed. If they are different, a prompt message is displayed to inform the user that the secure MCC instructions configured by each device participating in the secure MCC are different and cannot be executed. Optionally, the first device can also send prompt messages to each of the second devices so that each of the second devices can display the prompt messages. Alternatively, any of the second devices can perform the comparison of the secure MCC instructions of each device, which is not limited here.

[0106] The following example of a configuration interface illustrates the embodiments of the present invention. Figure 6 The diagram shown is a schematic of a configuration interface provided in an embodiment of the present invention. Figure 6The configuration interface includes a first control 61 for configuring the security protocol, a second control 62 for configuring the participant identifier, a third control 63 for configuring the target connection method, a fourth control 64 for configuring the result disclosure method, a fifth control 65 for configuring the secure multi-party computation instruction, an import control 66 for importing configuration information, an export control 67 for exporting configuration information, a run control 68 for triggering the execution of the secure multi-party computation instruction, and a view result control 69 for triggering the viewing of the secure multi-party computation result.

[0107] Among them, the first control 61, the second control 62, the third control 63, and the fourth control 64 provide users with optional configuration options, allowing users to select the configuration information according to their needs. The fifth control 65 is used by users to edit secure multi-party computation instructions, such as... Figure 6 The secure multi-party computation command edited by the Chinese user is as follows:

[0108] a = dataset * 2

[0109] b = a.Sum()

[0110] When the user triggers the import control 66, the import interface for the configuration file can be displayed, allowing the user to import the configuration file through this input interface. When the user triggers the export control 67, the export interface for the configuration file can be displayed, allowing the user to export the configuration file through this export interface. When the user triggers the run control 68, if all devices detect that the run control has been triggered, they begin to collaboratively execute secure multi-party computation instructions with other devices; otherwise, they continue to wait until all devices have detected that the run control has been triggered, and then they begin to collaboratively execute the processing flow with other devices.

[0111] When the user triggers the view result control 69, if the secure multi-party computation instruction is completed and the current user is a participant allowed to disclose the results in the result disclosure method, the secure multi-party computation result will be displayed.

[0112] This invention enables users to perform secure multi-party computation (MMC) by inputting instructions through pre-defined task flows corresponding to multiple computation commands. This eliminates the need for users to construct code for the specific task flows. The device automatically calls and executes the first sub-process within the task flow corresponding to each target computation command, obtaining the first sub-computation result. This first sub-computation result is then combined with the second sub-computation results obtained from each second device to obtain the final secure MMC result. This improves user convenience and the efficiency of constructing the MMC program flow. Furthermore, users do not need knowledge of cryptography or distributed computing to use this solution for secure MMC construction, lowering the barrier to entry. Since the task flows are pre-defined, this solution avoids privacy data leaks caused by vulnerabilities resulting from manual programming, improving data security. It also avoids computational errors caused by human code editing mistakes, improving the accuracy of secure MMC.

[0113] Figure 7 This is a schematic diagram of a data processing apparatus provided according to an embodiment of the present invention. The data processing apparatus is applied to a first device, such as... Figure 7 As shown, the data processing device 70 includes a receiving module 701 and a processing module 702.

[0114] The receiving module 701 is used to receive secure multi-party computation instructions, which include at least one target operation command and a federated dataset identifier.

[0115] Processing module 702 is used to determine the first dataset local to the first device based on the federated dataset identifier; call and execute the first sub-process in the task flow corresponding to each target operation command, perform secure computation on the first dataset, and obtain the first sub-operation result; combine the first sub-operation result and at least one second sub-operation result to obtain a secure multi-party computation result;

[0116] The result of each second sub-operation is obtained by each second device querying the second dataset on its local machine according to the federated dataset identifier in the secure multi-party computation instruction; calling and executing the second sub-process in the task flow corresponding to each target operation command; and performing secure computation on the second dataset.

[0117] In this embodiment of the invention, a first device receives a secure multi-party computation instruction, which includes at least one target computation command and a federated dataset identifier; determines a first dataset locally on the first device based on the federated dataset identifier; invokes and executes a first sub-process in the task flow corresponding to each target computation command to perform secure computation on the first dataset and obtain a first sub-computation result; combines the first sub-computation result and at least one second sub-computation result to obtain a secure multi-party computation result; wherein each second sub-computation result is obtained by each second device querying a second dataset locally on the second device based on the federated dataset identifier in the secure multi-party computation instruction; and invoking and executing a second sub-process in the task flow corresponding to each target computation command to perform secure computation on the second dataset. The system obtains a secure multi-party computation result by calling and executing the first sub-process in the task flow corresponding to each target operation command through the first device. The first sub-operation result is then combined with the second sub-operation results obtained by each second device. This allows users to input secure multi-party computation instructions, and the system can achieve secure multi-party computation by calling and executing the task flow corresponding to the target operation command. This eliminates the need for relevant personnel to learn and master the detailed processing flow and complex related knowledge of secure multi-party computation, and eliminates the need to build code for each specific detailed task flow of secure multi-party computation. Only the task flow corresponding to the simple operation command needs to be built. The time and manpower costs consumed in building or implementing secure multi-party computation are low, and it can improve the convenience of user operation and the efficiency of building the program flow of secure multi-party computation.

[0118] Optionally, the task flow corresponding to each operation command includes task flows under multiple security protocols;

[0119] The receiving module 701 is used to receive configuration information input by the user, wherein the configuration information includes secure multi-party computation instructions and target security protocol;

[0120] Processing module 702 is used to call and execute the first sub-process of each target operation command in the task flow under the target security protocol.

[0121] Optionally, the federated dataset is identified as the identifier of the federated dataset, which includes a first dataset and virtual pointer datasets of each second dataset;

[0122] The processing module 702 is also used to generate virtual pointer datasets pointing to each of the second datasets;

[0123] Processing module 702 is also used to construct a federated dataset from the first dataset and each virtual pointer dataset;

[0124] The device also includes:

[0125] The display module is used to display federated datasets.

[0126] Optionally, the configuration information also includes the target connection method, which may include a horizontal connection method or a vertical connection method. The display module is also used to display the intermediate dataset and / or the result of the first sub-operation generated during the execution process, according to the target connection method, when executing the first sub-process.

[0127] Optionally, the configuration information also includes the result disclosure method, wherein the result disclosure method includes disclosing the secure multi-party computation results to the coordinating party device, and / or disclosing the secure multi-party computation results to at least one designated device participating in the secure multi-party computation;

[0128] Processing module 702 is also used for:

[0129] When the method of disclosing the results includes disclosing the secure multi-party computation results to the coordinating party's equipment, the secure multi-party computation results will be sent to the coordinating party's equipment;

[0130] When the method of disclosing the results includes disclosing the secure multi-party computation results to at least one designated device participating in the secure multi-party computation, the secure multi-party computation results are sent to at least one designated device participating in the secure multi-party computation.

[0131] Optionally, the receiving module 701 is used for:

[0132] Display the configuration interface and receive configuration information input by the user for the controls within the configuration interface; or,

[0133] Receive a configuration file containing configuration information input by the user, and extract configuration information from the configuration file, wherein the configuration file is sent by any second device.

[0134] Optionally, the receiving module 701 is also used to acquire the secure multi-party computation instructions received by each of the second devices;

[0135] Processing module 702 is also used for:

[0136] When the secure multi-party computation instruction received by the first device is the same as the secure multi-party computation instruction received by each of the second devices, the first sub-process in the task flow corresponding to each target computation command is invoked and executed.

[0137] If the secure multi-party computation instruction received by the first device is different from the secure multi-party computation instruction received by any second device, a prompt message is displayed to indicate that the secure multi-party computation instruction cannot be executed.

[0138] The data processing device provided in this embodiment can be used to execute the above-described method embodiments. Its implementation principle and technical effects are similar, and will not be described again here.

[0139] Figure 8This is a schematic diagram of the hardware structure of an electronic device provided according to an embodiment of the present invention. Figure 8 As shown, the electronic device 80 provided in this embodiment includes: a processor 801, a memory 802, and a data processing program stored in the memory 802 and executable on the processor 801. The electronic device 80 also includes a communication component 803. The processor 801, memory 802, and communication component 803 are connected via a bus 804.

[0140] In the specific implementation process, when the data processing program is executed by the processor 801, it implements the above data processing method steps.

[0141] The specific implementation process of processor 801 can be found in the above method embodiments, and its implementation principle and technical effect are similar. It will not be repeated here.

[0142] In the above Figure 8 In the illustrated embodiments, it should be understood that the processor can be a Central Processing Unit (CPU), or other general-purpose processors, digital signal processors (DSPs), application-specific integrated circuits (ASICs), etc. The general-purpose processor can be a microprocessor or any conventional processor. The steps of the method disclosed in the application can be directly manifested as being executed by a hardware processor, or executed by a combination of hardware and software modules within the processor.

[0143] The memory may include high-speed RAM, and may also include non-volatile storage (NVM), such as at least one disk storage.

[0144] The bus can be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, or an Extended Industry Standard Architecture (EISA) bus, etc. Buses can be categorized as address buses, data buses, control buses, etc. For ease of illustration, the buses shown in the accompanying drawings of this embodiment are not limited to only one bus or one type of bus.

[0145] This invention also provides a data processing system, including at least two such... Figure 8 The electronic device described in the embodiments.

[0146] This invention also provides a computer-readable storage medium storing a data processing program, which, when executed by a processor, implements the data processing method described above.

[0147] The aforementioned readable storage medium can be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic storage, flash memory, magnetic disk, or optical disk. The readable storage medium can be any available medium accessible to a general-purpose or special-purpose computer.

[0148] An exemplary readable storage medium is coupled to a processor, enabling the processor to read information from and write information to the readable storage medium. Of course, the readable storage medium can also be a component of the processor. The processor and the readable storage medium can reside in an Application Specific Integrated Circuit (ASIC). Alternatively, the processor and the readable storage medium can exist as discrete components in the device.

[0149] It should be noted that, in this document, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Unless otherwise specified, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes that element.

[0150] The sequence numbers of the above embodiments of the present invention are for descriptive purposes only and do not represent the superiority or inferiority of the embodiments.

[0151] Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus necessary general-purpose hardware platforms. Of course, they can also be implemented by hardware, but in many cases the former is a better implementation method. Based on this understanding, the technical solution of the present invention, in essence, or the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product is stored in a storage medium (such as ROM / RAM, magnetic disk, optical disk) and includes several instructions to cause a terminal device (which may be a mobile phone, computer, server, air conditioner, or network device, etc.) to execute the methods described in the various embodiments of the present invention.

[0152] The above are merely preferred embodiments of the present invention and do not limit the scope of the patent. Any equivalent structural or procedural transformations made based on the description and drawings of the present invention, or direct or indirect applications in other related technical fields, are similarly included within the scope of patent protection of the present invention.

Claims

1. A data processing method, characterized in that, Applied to the first device, including: Receive secure multi-party computation instructions, the secure multi-party computation instructions including at least one target computation command and a federated dataset identifier; The first dataset local to the first device is determined based on the federated dataset identifier; Call and execute the first sub-process in the task flow corresponding to each target operation command, perform secure computation on the first dataset, and obtain the result of the first sub-operation; By combining the result of the first sub-operation and at least one second sub-operation result, a secure multi-party computation result is obtained; The result of each second sub-operation is obtained by each second device querying the second dataset locally based on the federated dataset identifier in the secure multi-party computation instruction; calling and executing the second sub-process in the task flow corresponding to each target computation command; and performing secure computation on the second dataset.

2. The method according to claim 1, characterized in that, The task flow corresponding to each target operation command includes task flows under multiple security protocols; The receiving of secure multi-party computation instructions includes: Receive configuration information input by the user, wherein the configuration information includes the secure multi-party computation instruction and the target security protocol; The first sub-process in the task flow corresponding to calling and executing each target operation command includes: The first sub-process in the task flow under the target security protocol is to call and execute the target operation commands.

3. The method according to claim 2, characterized in that, The federated dataset is identified as the identifier of the federated dataset, which includes the first dataset and virtual pointer datasets of each second dataset; The method further includes: Generate virtual pointer datasets pointing to each of the second datasets; The first dataset and each virtual pointer dataset are combined to form a federated dataset; Display the federal dataset.

4. The method according to claim 2, characterized in that, The configuration information also includes a target connection method, which may be a horizontal connection or a vertical connection. The method further includes: When executing the first sub-process, the intermediate dataset and / or the result of the first sub-operation generated during the execution process are displayed according to the target connection method.

5. The method according to claim 2, characterized in that, The configuration information also includes a result disclosure method, wherein the result disclosure method includes disclosing the secure multi-party computation result to the coordinating party device, and / or disclosing the secure multi-party computation result to at least one designated device participating in the secure multi-party computation; The method further includes: When the method of disclosing the results includes disclosing the secure multi-party computation results to the coordinating party device, the secure multi-party computation results are sent to the coordinating party device; When the method of disclosing the result includes disclosing the secure multi-party computation result to at least one designated device participating in the secure multi-party computation, the secure multi-party computation result is sent to at least one designated device participating in the secure multi-party computation.

6. The method according to claim 2, characterized in that, The configuration information received from the user includes: Display the configuration interface and receive configuration information input by the user for the controls within the configuration interface; or, The system receives a configuration file containing the configuration information input by the user, and extracts the configuration information from the configuration file, wherein the configuration file is sent by any second device.

7. The method according to any one of claims 1-6, characterized in that, The method further includes: Acquire secure multi-party computation instructions received by each second device; When the secure multi-party computation instruction received by the first device is the same as the secure multi-party computation instruction received by each of the second devices, the first sub-process in the task flow corresponding to each target computation command is invoked and executed. If the secure multi-party computation instruction received by the first device is different from the secure multi-party computation instruction received by any of the second devices, a prompt message is displayed to indicate that the secure multi-party computation instruction cannot be executed.

8. A data processing apparatus, characterized in that, Applied to a first device, the device includes: A receiving module is configured to receive secure multi-party computation instructions, wherein the secure multi-party computation instructions include at least one target computation command and a federated dataset identifier; The processing module is configured to determine the first dataset local to the first device based on the federated dataset identifier; call and execute the first sub-process in the task flow corresponding to each target operation command, perform secure computation on the first dataset, and obtain the first sub-operation result; combine the first sub-operation result and at least one second sub-operation result to obtain a secure multi-party computation result; The result of each second sub-operation is obtained by each second device querying the second dataset locally based on the federated dataset identifier in the secure multi-party computation instruction; calling and executing the second sub-process in the task flow corresponding to each target computation command; and performing secure computation on the second dataset.

9. An electronic device, characterized in that, The electronic device includes: a memory, a processor, and a data processing program stored in the memory and executable on the processor, wherein the data processing program, when executed by the processor, implements the steps of the data processing method as described in any one of claims 1-7.

10. A data processing system, characterized in that, It includes at least two electronic devices as described in claim 9.

11. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores a data processing program, which, when executed by a processor, implements the steps of the data processing method as described in any one of claims 1-7.