Data processing method and apparatus for multi-party secure computation
By employing a regularization algorithm that shifts the most significant bit and extends the decimal places in Boolean form, the problem of insufficient numerical range in multi-party secure computation is solved, thereby improving model accuracy and data processing efficiency.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Patents(China)
- Current Assignee / Owner: ALIPAY (HANGZHOU) INFORMATION TECH CO LTD
- Filing Date: 2022-12-31
- Publication Date: 2026-06-12
AI Technical Summary
In multi-party secure computation, the insufficient expansion of the numerical range of existing technologies leads to insufficient precision or excessive computational overhead in basic operations such as division, inversion, and square root inversion, affecting the accuracy of the calculation.
By shifting the most significant bit to the higher bits in Boolean form by s bits and extending the fractional bits, combined with a safe bit reversal operation, the numerical range of the regularization algorithm is expanded, and the model accuracy is improved.
It expands the data input range for operations such as division, inversion, and square root inversion, improving model accuracy and data processing efficiency while reducing computational and storage overhead.
Figure CN115906137B_ABST
Description
Technical Field
[0001] This specification relates to the field of secure computing technology, and more particularly to a data processing method and apparatus for multi-party secure computing.
Background Technology
[0002] Secure multi-party computation (MPC) involves multiple parties collaboratively computing a function without revealing their input data. The result is then disclosed to one or more of the parties. Secure multi-party computation can be applied to privacy-preserving intersection problems, joint training of machine learning models, data querying, and more. During secure multi-party computation, to accommodate a wider range of data, floating-point numbers are typically encoded as fixed-point numbers on a ring for protection and computation. When encoding floating-point numbers onto the ring, the number of decimal places to retain is specified using `fxp`. Too small an `fxp` results in insufficient precision, while too large an `fxp` increases computational overhead and reduces the encoding range of the integer part.
[0003] In business processes based on multi-party secure computation, basic operations such as division, inversion, and the inverse of square roots are commonly used. Among these basic operations, the use of fixed-point arithmetic mapped to rings is prone to underflow, meaning the data exceeds the range of fixed-point representation. If data exceeding this range is truncated to 0, it severely impacts the accuracy of secure computation. Therefore, expanding the numerical range in secure computation is crucial for the accuracy of business processing results.
Summary of the Invention
[0004] This specification describes one or more embodiments of a data processing method and apparatus for secure multi-party computation, which addresses one or more problems mentioned in the background art.
[0005] According to a first aspect, a data processing method for multi-party secure computation is provided, applicable to the regularization operation of data x by multiple participants, wherein a floating-point number x is mapped to an encoded value x' on an encrypted ring described by a predetermined number of bits t, the encoded value x' constitutes an arithmetic shared form among the participants, and a first party among the participants holds a first arithmetic fragment of x'; the method is executed by the first party and includes: performing, with other participants and based on the first arithmetic fragment of x', an A2B operation to convert the arithmetic shared form to a Boolean shared form, thereby obtaining a first Boolean fragment of x'; shifting the first Boolean fragment of x' toward the high-order bits by s bits and padding the low-order bits with 0 to obtain the first Boolean fragment of the extended value $m = x \times 2^{s}$, where s is the predetermined number of fractional extension bits; jointly with other participants, performing a secure bit reversal operation on the most significant bit of the extended value m to obtain the first Boolean fragment of the offset exponent coefficient $z = 2^{-e+s}$, where the most significant bit of the extended value m is represented as $2^{e+s-1}$; determining, with other participants, the arithmetic shared form of the offset exponent coefficient $z = 2^{-e+s}$ by performing a secure B2A operation, thereby obtaining the first arithmetic fragment of the offset exponent coefficient z; based on the first arithmetic fragment of the offset exponent coefficient z and the first arithmetic fragment of x', determining the offset mantissa $c' = x' \times z$ by secure multiplication with other participants, and obtaining the first arithmetic fragment of the offset mantissa c'; and, according to the first arithmetic fragment of the offset mantissa c', performing the fractional safe recovery operation on the offset mantissa c' with other participants to obtain the first arithmetic fragment of the regularized mantissa c corresponding to the offset mantissa c', where the regularized mantissa c and the offset exponent coefficient z are used to jointly describe the result of the regularization operation.
[0006] In one embodiment, the floating-point number x is a signed real number, and the method further includes: performing a secure comparison with each participant, comparing the size of the floating-point number x with 0; and determining a first slice describing the sign of the floating-point number x based on the comparison result.
[0007] In one embodiment, jointly performing with other participants a secure bit reversal operation on the most significant bit of the extended value m to obtain the first Boolean fragment of the offset exponent coefficient $z = 2^{-e+s}$ includes: determining the most significant bit of the extended value m by performing a secure OR operation with other participants, and obtaining the first fragment of the Boolean representation $2^{e+s-1}$ of the most significant bit, where the Boolean representation of the most significant bit is 1 only at the first bit where a 1 appears and all other bits are zero, and where e is the regularization exponent; and bit-flipping the first fragment of the Boolean representation $2^{e+s-1}$ of the most significant bit with fxp+s as the axis to obtain the first Boolean fragment of the tag value $z = 2^{-e+s}$, where fxp is the number of bits used for the floating-point code.
[0008] In one embodiment, the step of performing a fractional safe recovery operation on the offset mantissa c' with other participants based on the first arithmetic fragment of the offset mantissa c' to obtain the first arithmetic fragment of the regularized mantissa c corresponding to the offset mantissa c' includes: performing a secure A2B operation with other participants based on the first arithmetic fragment of the offset mantissa c' to obtain the first Boolean fragment of the offset mantissa c'; shifting the first Boolean fragment of the offset mantissa c' toward the low-order bits by s bits and padding the high-order bits with zeros to obtain the first Boolean fragment of the regularized mantissa c; and performing a secure B2A operation with other participants on the regularized mantissa c to obtain the first arithmetic fragment of the regularized mantissa c.
[0009] In one embodiment, the sum of the floating-point number encoding bits and the predetermined decimal extension bits does not exceed half of the predetermined number of bits t.
[0010] In one embodiment, the encryption ring is a prime number ring or a prime number ring, and the data x is mapped to the encryption ring by taking the integer part of the product of its corresponding value and 2 raised to the power of t.
[0011] In one embodiment, the regularization mantissa c and the offset exponent z describe the result of the regularization operation in the following way: the value corresponding to the data x is the product of the regularization mantissa c and the exponent z raised to the power of 2; when the data x is a signed number, the result of the regularization operation also corresponds to the sign of x before the product.
[0012] According to a second aspect, a data processing apparatus for multi-party secure computation is provided, suitable for regularization operations on floating-point numbers x by multiple participants, wherein the floating-point number x is mapped to an encoded value x' on an encrypted ring described by a predetermined number of bits t, the encoded value x' constitutes an arithmetic shared form among the participants, and a first party among the multiple participants holds a first arithmetic slice of x'; the apparatus is disposed on the first party and includes:
[0013] The fragmentation conversion unit is configured to perform an A2B operation to convert arithmetic shared form to Boolean shared form based on the first arithmetic fragment and other participants, thereby obtaining the first Boolean fragment of x';
[0014] The decimal extension unit is configured to shift the first Boolean fragment of x' toward the higher bits by s bits and pad the lower bits with 0s, resulting in the first Boolean fragment of the extended value $m = x \times 2^{s}$, where s is the predetermined number of decimal places;
[0015] The first determining unit is configured to jointly perform a secure bit reversal operation on the most significant bit of the extended value m with other participants, resulting in the first Boolean fragment of the offset exponent coefficient $z = 2^{-e+s}$, where the most significant bit of the extended value m is represented as $2^{e+s-1}$;
[0016] The form conversion unit is configured to determine the arithmetic shared form of the offset exponent coefficient $z = 2^{-e+s}$ by performing a secure B2A operation with other participants, thereby obtaining the first arithmetic fragment of the offset exponent coefficient z;
[0017] The second determining unit, based on the first arithmetic slice of the offset exponent coefficient z and the first arithmetic slice of x', determines the offset mantissa c' = x' × z with other participants through secure multiplication, and obtains the first arithmetic slice of the offset mantissa c'.
[0018] The fractional recovery unit is configured to perform a fractional safe recovery operation on the offset mantissa c' based on the first arithmetic fragment of the offset mantissa c', together with other participants, to obtain the first arithmetic fragment of the regularized mantissa c corresponding to the offset mantissa c'. The regularized mantissa c and the offset exponent coefficient z are used to jointly describe the result of the regularization operation.
[0019] According to a third aspect, a computer-readable storage medium is provided having a computer program stored thereon, which, when executed in a computer, causes the computer to perform the method of the first aspect.
[0020] According to a fourth aspect, a computing device is provided, including a memory and a processor, characterized in that the memory stores executable code, and when the processor executes the executable code, it implements the method of the first aspect.
[0021] The methods and apparatus provided in the embodiments of this specification expand the number of decimal places in fixed-point numbers by shifting the most significant bit to the higher bits in Boolean form by s bits. This expansion significantly increases the effective input range of regularization algorithms, improves the data range supported by regularization-based operations such as division, inversion, and square root inversion in multi-party secure computation, and enhances model accuracy.
Attached Figure Description
[0022] To more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the following description of the embodiments will be briefly introduced. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0023] Figure 1 illustrates an implementation architecture based on multi-party secure computation.
[0024] Figure 2 shows a schematic diagram of a data processing flow for secure multi-party computation performed by a single participant, according to one embodiment.
[0025] Figure 3 shows a schematic block diagram of a data processing apparatus for secure multi-party computation provided at a single participant, according to one embodiment.
Detailed Implementation
[0026] The technical solutions provided in this specification are described below with reference to the accompanying drawings.
[0027] First, some concepts that may be involved in this specification are described.
[0028] Arithmetic Share (Ashr): Also known as sum-sharing. In secure computation, each party holds a fragment of a value within a predetermined range, and the sum of these fragments reconstructs the original value. For example, in two-party secure computation, an integer x from 0 to M-1 is distributed between the two parties in the shared form $x = x_L + x_R$, modulo M, so that one party is unaware of $x_R$ and the other party is unaware of $x_L$. $x_R$ and $x_L$ are each called a fragment of the integer x under the shared form, and neither party can obtain the complete form of x;
[0029] Boolean Share (Bshr): In secure computation, each party holds a slice of a value in a predetermined number of bits. The original value can be recovered by the XOR operation of each slice. Taking two parties as an example, suppose x is a one-bit data (with a value of 0 or 1). x0 and x1 are two Boolean shared slices of x in the two parties, both with a value of 0 or 1. ⊕ represents the XOR operation. Then x is in Boolean shared form in the two parties as x0⊕x1. Boolean share and arithmetic share can be converted to each other. In conventional technology, the conversion from Boolean share to arithmetic share is denoted as B2A, and the conversion from arithmetic share to Boolean share is denoted as A2B.
[0030] Floating-point numbers are numerical representations of numbers belonging to a specific subset of rational numbers. In computers, they are used to approximate any real number. Specifically, a real number (e.g., a) can be obtained by multiplying an integer or fixed-point number (i.e., the mantissa, e.g., m) by an integer power (e.g., e) of a base (e.g., b, usually 2), such as $a = m \times b^{e}$;
[0031] Prime ring: The operational range of dense data, such as a 64-bit or 128-bit prime ring, where the prime ring can also be called a 2k ring;
[0032] Floating-point encoding bits (fxp): The number of floating-point decimal places to which the original data is encoded on the prime number ring or prime number ring. It can also be called a fixed-point number. Usually, the last fxp bits of the encoded value correspond to the fractional part.
[0033] Div: For an input value x, the inverse is $y = 1 / x = x^{-1}$;
[0034] Regularization: An operation that represents floating-point numbers in a standard form, such as representing the value x as $c \times 2^{e} \times \mathrm{sign}(x)$, where sign(x) represents the sign (positive or negative) of the real number x, c can be called the regularization mantissa, and e can be called the regularization exponent. For ease of description, $2^{-e}$ can also be called the exponent coefficient. c and $2^{-e}$ are the undetermined parameters in the numerical regularization process. Once the regularization exponent coefficient $2^{-e}$ is determined, $c = x \times 2^{-e} \times \mathrm{sign}(x)$ can be used to determine the regularization mantissa c, which typically takes a value between 0.5 and 1.
[0035] Figure 1 shows a schematic diagram of an implementation architecture in a secure computing scenario. As shown in Figure 1, in a multi-party secure computation scenario, data can be jointly held by multiple data parties, meaning the data is shared among them, such as through arithmetic sharing or Boolean sharing. During multi-party secure computation, each data party can exchange secret data, ensuring that no single data party discloses its local privacy data to other data parties, and the data processing results remain shared among the various data parties. Taking a federated learning scenario as an example, the dataset is held by multiple holders, such as 1, 2, 3, etc. Each holder can hold a portion of the dataset and can also be referred to as a data party, member party, training member, or other similar entity. Figure 1 shows three data holders, but in practice, the number of data holders can be n, where n is a positive integer greater than 1. The dataset here can be a training dataset for training various machine learning models, a test dataset for testing other neural network models, or a dataset to be predicted. The dataset can include attribute feature data of business objects, which is the private data of the data holders. Business objects can be various business objects to be analyzed, such as users, merchants, products, events, etc., for example, bank users, hospital patients, etc. Each data holder can complete model training by processing local data and exchanging confidential data in an agreed-upon manner.
[0036] In the process of implementing shared algorithms in multi-party secure computation scenarios, it was found that there is a need for a division operation that supports a wider range. However, analysis of existing division calculation methods based on multi-party secure computation reveals that their bottleneck lies in the limited input range of the regularization algorithm they rely on.
[0037] The following describes the principle of regularized data processing for multi-party secure computation. Typically, when data regularization is performed in multi-party secure computation scenarios, the exponent coefficient $2^{-e}$ is difficult to solve for in arithmetic form, so the arithmetic sharing form of the data can be converted into a Boolean sharing form. In the Boolean sharing form, a bit-flipping operation with the decimal point as the axis is used to determine the exponent coefficient $2^{-e}$. Typically, in Boolean form, the most significant bit is the e-th bit. If only the most significant bit is set to 1 and the other bits are set to 0, $2^{e-1}$ is obtained. Performing a symmetrical bit reversal (or simply bit reversal) on this Boolean data with the decimal point as the axis yields the Boolean form of $2^{-e}$. This Boolean form can be converted into arithmetic form, thus determining the exponent coefficient $2^{-e}$. On the other hand, based on the principle of regularization, the regularization mantissa $c = x \times 2^{-e}$ can be determined.
[0038] Taking an input data x = 123.321 as an example, assuming the fixed-point number fxp is 8 and the size of the encryption ring (such as a prime number ring or prime number ring) is 16 (encoded using 16 bits), the following process, without considering shared fragmentation, shows the data results as restored from the fragments. Floating-point numbers can be mapped to integers on the encryption ring using the fixed-point number fxp for various operations. The calculation result is an integer on the encryption ring, which can be restored to a decimal using the fixed-point number fxp. Taking a 16-byte encryption ring with a fixed-point number fxp of 8 as an example, the product of the input data x and $2^{fxp}$ is encoded onto the encryption ring. For example, if x = 123.321, the encoded value x' on the encryption ring is: $x' = x \times 2^{8} = 123.321 \times 2^{8} \approx 31570$. The rounding here can be rounding to the nearest integer, rounding up, or rounding down according to predetermined rules, and this specification does not limit this.
[0039] The input data x is mapped to the encoded value x' = 31570 on the ring, which can form an arithmetic shared form among the participants in the multi-party secure computation. Then, the arithmetic shared form of 31570 is converted to a Boolean shared form through a multi-party joint secure A2B operation. The A2B conversion, or Arithmetic Share to Boolean Share, can employ conventional techniques and will not be elaborated upon here. After the conversion, x' corresponds to a 16-bit Boolean shared fragment on each participant, forming the corresponding Boolean shared form. Without considering fragmentation, the Boolean representation of x' can be: 0111 1011 0101 0010. That is, the XOR result of each Boolean fragment should be 0111 1011 0101 0010.
[0040] Next, determine the most significant bit (the bit with a value of 1) of x' in Boolean form, and obtain the Boolean representation of the most significant bit: 0100 0000 0000 0000 ($2^{e-1}$). This corresponds to the fixed-point encoded value 16384 on the encryption ring (corresponding to the floating-point number $16384 / 2^{8} = 64$). Performing a bit reversal operation on this Boolean representation with the decimal point as the axis yields the reversed bits 0000 0000 0000 0010, which correspond to the regularization exponent coefficient $2^{-e}$ of x, denoted as the exponent coefficient z. The arithmetic form of these reversed bits is 2, which is the fixed-point encoded value of z in arithmetic form on the encryption ring (corresponding to the floating-point number $z = 2 / 2^{8} = 2^{-7} = 0.0078125$, with exponent e = 7). During multi-party secure computation, while maintaining the encoded values on the encryption ring, the intermediate data does not need to be converted to floating-point numbers. Furthermore, since the reversed bits constitute a Boolean shared form across the data parties, a secure B2A operation can be used to convert the regularized exponent coefficient z = 2 into an arithmetic shared form across the data parties.
[0041] Then, using the regularization principle, we calculate $x \times z = 31570 \times 2^{-7} = 247$, corresponding to the floating-point number $c = 247 / 2^{8} \approx 0.964$. Therefore, the output is c = 247, z = 2, which satisfies $x = 123.321 \approx 0.964 \times 2^{7} = c \times 2^{e}$, where $2^{e} = z^{-1}$.
[0042] When x is a signed (positive or negative) number, considering the sign, we can first compare x with 0 to determine sign(x). Then, c and e above can satisfy $x = \mathrm{sign}(x) \times c \times 2^{e}$.
[0043] During the bit-reversal process, the axis is the position between the high-order bits 0100 0000 0000 0000 (0100 0000 0000) and the low-order eight bits 000000000 (corresponding to fxp = 8) (the decimal point position). If the reversal axis (decimal point position) is between the high-order bits 0100 0000 0000 and the low-order four bits 0000, underflow will occur after the reversal, truncating to 0. In fact, numerical overflow can occur whenever the value x is greater than the number of bits in a fixed-point number. Taking a ring size of 64 bits and a fixed-point number fxp of 16 bits as an example, if a data x is 1234567.321, then x is greater than $2^{16}$. Encoded as 80908603949 on a 64-bit ring, its Boolean form, represented in hexadecimal (one digit corresponds to four bits), is 0x00000012d687522d. Taking the most significant bit, we get its hexadecimal Boolean representation: 0x000000100000 0000. With fxp = 16, the bits are reversed about the decimal point, which is positioned before the last 16 bits (before the last four digits in hexadecimal, i.e., at the space). If the reversed value exceeds the lower limit for data processing, it is truncated to 0. In practice, the input range supported by regularization operations in this method is typically $2^{-(fxp-1)}$ up to $2^{(fxp-1)}$. When $x \ge 2^{fxp}$, all of the above regularization algorithms may experience underflow.
[0044] The regularization algorithm uses fxp to represent the number of decimal places in floating-point numbers. It's known that too small an fxp leads to reduced computational precision, while too large an fxp may increase computational overhead and reduce the encoding range of the integer part. Thus, using conventional regularization algorithms, the data input range for basic, safe operations such as division, inversion, and square root inversion is limited.
[0045] In view of this, this specification provides an improved regularized data processing technology solution for multi-party secure computation scenarios. By improving the regularization algorithm, the data input range of common basic secure operations such as division, inversion, and square root inversion is expanded. As a result, modeling operations such as tree models and neural network models that rely on these basic operations can support larger data input scales on smaller rings. Smaller rings mean lower memory, computation, and network communication overhead, while larger input scales mean more accurate model processing results, thereby improving data processing efficiency and modeling accuracy.
[0046] To expand the input range of numerical values, the technical concept described in this specification involves shifting the most significant bit before the bit reversal operation in Boolean form, thereby extending the decimal places of the processed data by s bits through the bit reversal operation. Furthermore, for data obtained based on bit shifting, the decimal places are restored through a reverse shift in Boolean form. In this way, in scenarios involving training dense models (such as tree models, neural networks, etc.) and querying dense data (such as SQL queries), the data range supported by operations such as division, inversion, and square root inversion can be expanded, increasing the size of the supported input dataset and improving the accuracy of the final trained model or the accuracy of the data query results.
[0047] For clarity, the implementation principle of the technical concept in this specification is still described below without considering shared fragmentation for multi-party secure computation. In the specific example below, the ring size is 64 bits, the fixed-point number fxp is 16 bits, s = 8, and x = 1234567.321. In this case, the encoded value of the input data x mapped to the ring can be $x' = 1234567.321 \times 2^{16} \approx 80908603949$. The encoded value x' = 80908603949 can form an arithmetic sharing form among the various data parties. Under a multi-party secure computation architecture, it can be converted into the Boolean form B(x') = 0x00000012d687522d through a secure A2B method.
[0048] In the Boolean representation B(x'), shifting toward the higher bits by the s extension bits and padding the lower bits with 0s is equivalent to shifting by s = 8 bits (2 digits in hexadecimal) toward the higher bits, and the result can be denoted as the extended value m = 0x000012d687522d00. For convenience, this can be represented as the Boolean extended value $m = B(x \times 2^{e-1+s})$.
[0049] Next, the most significant bit (the bit with a value of 1) of the extended value m in Boolean form is determined, resulting in the Boolean description of the most significant bit: m' = 0x 0000 1000 00-00 0000. This Boolean description is then reversed about the fixed-point position fxp+8 (fxp = 16) as the axis (the axis separates off the last six 0s; in the hexadecimal representation of m' above, "-" indicates the fixed-point position, i.e., the decimal point position). The reversal result is the offset exponent coefficient z = 0x0000 0000 00-00 0008 ("-" indicates the fixed-point position). Furthermore, this offset exponent coefficient z is subjected to a secure conversion (B2A operation) from Boolean form to arithmetic form, resulting in the offset exponent coefficient z = 8, corresponding to the floating-point number $8 / 2^{16} \approx 0.00012207$. This can be understood as follows: since the most significant bit is shifted left by s bits and the reversal axis is also shifted left by s bits, the reversed bit, compared to the regular no-shift method, is shifted backward by s bits in the fractional part. That is, compared to the regular no-shift method, $2^{-e}$ becomes $2^{-e+s}$, offset by s bits. In other words, $8 / 2^{16} = 2^{-e+s} = 2^{-21+8}$, and the corresponding regularized exponent is e = 21.
[0050] Then, in arithmetic form, calculate the offset value c' of the regularized mantissa c: $c' = x \times z = (80908603949 \times 8) / 2^{16} = 9876513$ (since both encoded values are derived by multiplying a floating-point number by $2^{16}$, one factor of $2^{16}$ needs to be canceled out when performing multiplication using the encoded values). For ease of description, c' can be called the offset mantissa. The value 9876513 is the encoded value of the offset mantissa c' on the ring, corresponding to the floating-point number $9876513 / 2^{16} = 150.703628$.
[0051] Since the offset mantissa c' is determined with a fixed-point offset of s bits, it is further necessary to restore the offset mantissa c' to the regularized mantissa c (usually between 0.5 and 1). Specifically, the encoded value of the offset mantissa c' on the ring is converted using an A2B transformation to obtain the Boolean representation 0x000000000096b421. Shifting this toward the lower bits by s = 8 bits (corresponding to 2 digits in hexadecimal) yields the Boolean representation of c's encoded value on the encryption ring: 0x00000000000096b4. Converting this Boolean representation to arithmetic form gives 38580. That is, the encoded value of c on the encryption ring is 38580, corresponding to the floating-point number $38580 / 2^{16} = 0.588684$.
[0052] Thus, the encoded value of the regularized mantissa on the encryption ring, c = 38580 (corresponding to the floating-point number 0.588684), and the offset exponent coefficient z = 8 (corresponding to the floating-point number $8 / 2^{16} = 2^{-21+8} = 2^{-e+s} \approx 0.00012207$; e is described by z) can be output. Therefore, $1234567.321 \approx 0.588684 \times 2^{21}$, so that the corresponding floating-point regularization $x = c \times 2^{e}$ holds. In an optional embodiment, if x is a signed number, then the sign of x, sign(x), can also be output, satisfying $x = \mathrm{sign}(x) \times c \times 2^{e}$.
[0053] In the above process, the left shift by the s extension bits is equivalent to moving the decimal point, thereby expanding the effective input range of the regularization algorithm to $2^{-(fxp-1)}$ up to $2^{(fxp-1+s)}$. This is especially applicable when the number of bits in the encryption ring is t and fxp+s ≤ t / 2.
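The plaintext walk-throughs in [0038]-[0041] and [0047]-[0053], as an added example that is not part of the patent text: it runs the regularization with and without the s-bit extension on the two inputs used above, with no secret sharing. The function names, the `None` exponent used to signal underflow, and round-to-nearest in the fixed-point product are assumptions of this example.

```python
# Added example: plaintext model of the regularization described above.
# A2B/B2A, the secure OR and the secure multiplication are replaced by
# ordinary integer operations on the reconstructed value.


def encode(x: float, fxp: int) -> int:
    """Ring encoding x' = round(x * 2^fxp) of a positive real x."""
    return round(x * (1 << fxp))


def decode(v: int, fxp: int) -> float:
    """Interpret the low fxp bits of an encoded value as the fraction."""
    return v / (1 << fxp)


def msb_only(v: int, t: int) -> int:
    """Keep only the highest set bit of a t-bit word.

    A prefix-OR smears the top 1 downward; XOR with the word shifted by
    one bit then leaves that single bit.
    """
    k = 1
    while k < t:
        v |= v >> k
        k <<= 1
    return v ^ (v >> 1)


def flip_about(v: int, axis: int, t: int) -> int:
    """Mirror v about the point between bit axis-1 and bit axis.

    Bit i moves to bit 2*axis-1-i. A bit that lands outside the t-bit word
    is lost, which is the truncation to 0 described in [0043].
    """
    out = 0
    for i in range(t):
        if (v >> i) & 1:
            j = 2 * axis - 1 - i
            if 0 <= j < t:
                out |= 1 << j
    return out


def fxp_mul(a: int, b: int, fxp: int, t: int) -> int:
    """Fixed-point product on the 2^t ring: cancel one factor of 2^fxp.

    Round-to-nearest is this example's choice of rounding rule.
    """
    half = 1 << (fxp - 1)
    return ((a * b + half) & ((1 << t) - 1)) >> fxp


def regularize(x_enc: int, fxp: int, s: int, t: int):
    """Return (c, z, e) as ring encodings; s=0 is the conventional method.

    On underflow z is 0 and the result is (0, 0, None).
    """
    if fxp + s > t // 2:
        raise ValueError("requires fxp + s <= t / 2")
    m = (x_enc << s) & ((1 << t) - 1)           # [0048] extend by s bits
    z = flip_about(msb_only(m, t), fxp + s, t)  # [0049] flip MSB about fxp+s
    if z == 0:
        return 0, 0, None
    c_off = fxp_mul(x_enc, z, fxp, t)           # [0050] offset mantissa c'
    c = c_off >> s                              # [0051] restore the fraction
    e = fxp + s - (z.bit_length() - 1)          # z encodes 2^(-e+s)
    return c, z, e


if __name__ == "__main__":
    # 64-bit ring, fxp = 16, x = 1234567.321 (the input used in [0047]).
    # With this rounding c' is 9876539 (the text lists 9876513); either
    # value shifts down to the same c = 38580.
    x_enc = encode(1234567.321, 16)
    for s in (0, 8):
        c, z, e = regularize(x_enc, fxp=16, s=s, t=64)
        if e is None:
            print(f"s={s}: z underflows to 0, no usable result")
        else:
            print(f"s={s}: c={c} ({decode(c, 16):.6f}), z={z}, e={e}, "
                  f"c*2^e={decode(c, 16) * 2 ** e:.1f}")
    # 16-bit ring, fxp = 8, x = 123.321 (the input used in [0038]).
    print(regularize(encode(123.321, 8), fxp=8, s=0, t=16))
```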
[0054] The principles described above do not describe the interactions between the various participants in secure multi-party computation. In reality, the conversions between Boolean and arithmetic forms (such as A2B, B2A, etc.) mentioned in these principles are typically used for data sharing conversions in secure multi-party computation scenarios. Below, with reference to Figure 2, the operation performed by a single participant is described in detail, taking one of the participants in a multi-party secure computation as an example.
[0055] Figure 2 shows a data processing flow for a single participant in a multi-party secure computation according to one embodiment. For ease of description, "first party" refers to any single participant among multiple participants. A single participant can be a computing device participating in the secure computation, a cluster of computing devices, etc., and can correspond to a service provider offering services for a single business, a data provider holding one or more business data, etc. For ease of description, the flow in Figure 2 is described below using the processing of floating-point numbers x as an example. The floating-point number x can be shared among the various participants, such as in an arithmetic sharing format. Arithmetic sharing and Boolean sharing can be converted between these formats. In an arithmetic sharing format, the first party can hold the corresponding first arithmetic fragment; in a Boolean sharing format, the first party can hold the corresponding first Boolean fragment. Based on the conversion methods between Boolean and arithmetic sharing formats (e.g., B2A Boolean sharing to arithmetic sharing, A2B arithmetic sharing to Boolean sharing), it is known that the data described by the first arithmetic fragment and the first Boolean fragment for the same data do not necessarily correspond to each other. That is, the first Boolean fragment is not necessarily the Boolean form describing the first arithmetic fragment, but may be a secure reorganization and form transformation of the data's fragments with other participants.
[0056] During calculation, to protect the floating-point number x, it can be mapped to an encoded value x' on an encrypted ring of predetermined bit length t. The encrypted ring can be a 2k ring (prime number ring), a prime number ring, etc. The predetermined bit length t is the number of bits used to describe the encoded value on the ring; for example, t = 64 means the encoded value can be represented by 64 bits. For a ring with a fixed number of bits, the floating-point encoding bit length fxp is usually fixed. fxp specifies the number of decimal places to retain; for example, fxp = 16, then at most 16 low-order bits can be retained for the fractional part of the value. For example, 0.6 with 16 decimal bits would have a binary representation of approximately 0.1001 1001 1001 1001.
[0057] like Figure 2 As shown, the data processing flow based on multi-party secure computation executed by the first party may include: Step 201, performing an A2B operation to convert arithmetic shared form to Boolean shared form with other participating parties based on the first arithmetic fragment of x', thereby obtaining the first Boolean fragment of x'; Step 202, shifting the first Boolean fragment of x' to the higher bits by s bits and padding it with 0 in the lower bits to obtain the extended value m = x × 2 s The first Boolean segment, where s is the predetermined number of fractional extension bits; step 203, in conjunction with other participants, performs a safe bit reversal operation on the most significant bit of the extension value m to obtain the offset exponent coefficient z = 2. -e+sThe first Boolean partition, where the most significant bit of the extended value m is represented as 2. e+s-1 Step 204: Determine the offset exponent coefficient z = 2 by performing a secure B2A operation with other participants. -e+s In step 205, based on the first arithmetic fragment of the offset exponent coefficient z and the first arithmetic fragment of x', the offset mantissa c' = x' × z is determined by secure multiplication with other participants in the arithmetic sharing form, thus obtaining the first arithmetic fragment of the offset mantissa c'; in step 206, based on the first arithmetic fragment of the offset mantissa c', the decimal safe recovery operation is performed on the offset mantissa c' with other participants, thus obtaining the first arithmetic fragment of the regularized mantissa c corresponding to the offset mantissa c', wherein the regularized mantissa c and the offset exponent coefficient z are used to jointly describe the result of the regularization operation.
[0058] First, in step 201, based on the first arithmetic fragment of x', an A2B operation is performed with other participants to convert the arithmetic shared form to the Boolean shared form, thereby obtaining the first Boolean fragment of x'.
[0059] Here, the encoded value x' is the value mapped onto the encryption ring by the data x. Processing of data x can be performed on the encryption ring, and the results of the processing are all values on the encryption ring, which can be converted to the corresponding floating-point number by dividing by 2 raised to the power of fxp. Data x can be raw data provided by a single participant, or data obtained by various participants based on prior data processing operations. The encoded value x' corresponding to data x can be shared among the participants. When data x is raw data provided by a single participant, that single participant can map data x from floating-point form onto the encryption ring to obtain the encoded value x', and randomly split the encoded value x' into multiple shared fragments, sending them to the other participants respectively, thus forming the shared form of x' among the participants. When data x is data obtained by various participants based on prior data processing operations, online data processing operations can use the encoded value mapped onto the encryption ring; therefore, the obtained intermediate data x can also be directly the encoded value x' mapped onto the encryption ring. Furthermore, in multi-party secure computation scenarios, the encoded value x', which serves as an intermediate result, can be shared among the participating parties.
[0060] It is worth noting that the encoded value x' can be shared in either an arithmetic or Boolean form among the participating parties. In the case of Boolean sharing, the shared fragment held by the first party can be called the first Boolean fragment of the encoded value x'. In the case of arithmetic sharing, each participating party can convert the encoded value x' from the arithmetic sharing form to the Boolean sharing form in each participating party via a secure conversion method from arithmetic sharing to Boolean sharing (A2B). The conversion result held by the first party can be called the first Boolean shared fragment of the encoded value x'.
[0061] In Boolean sharing, the encoded value x' is the result of an XOR operation performed sequentially on each Boolean slice corresponding to each participant. For example, if there are 3 participants holding Boolean slices a1 = 0100, a2 = 1101, and a3 = 1011 for a data 'a', then the binary representation of 'a' can be achieved by performing a bit-by-bit XOR operation on a1, a2, and a3. For example, taking the most significant bit as an example, it would be 0⊕1⊕1 = 1⊕1 = 0. Similarly, a = a1⊕a2⊕a3 = 0010.
[0062] Thus, in step 201, the first party can directly obtain the first Boolean shared fragment of the encoded value x', or it can obtain the first Boolean shared fragment of the encoded value x' through an A2B operation securely performed with other participating parties.
[0063] Next, in step 202, the first Boolean fragment corresponding to the encoded value x' is shifted s bits to the higher bits and padded with 0s in the lower bits to obtain the first Boolean fragment of the extended value m = x × 2^s.
[0064] Here, s is a predetermined decimal extension bit, which can be predetermined and disclosed by each participant. The extension bit s can be determined based on the upper bound of the data. For example, during model training, gradient data is usually bounded (e.g., 0 to 0.5). Assuming that the number of samples in a batch does not exceed 1000, the upper bound of the gradient fusion process is 500, and the lower bound is 0. 500 can be described by at most 8 bits, so we can let s = 8.
[0065] It is easy to understand that when every Boolean fragment of the encoded value x' undergoes the same shift, bit reversal, or similar operation, the results remain consistent bit by bit: they constitute the Boolean shared form of the value obtained by applying that operation once to the binary representation of the encoded value x'. For example, Boolean fragments a1 = 0100, a2 = 1101, and a3 = 1011 of data a, each shifted one bit to the higher bits and padded with 0 in the lowest bit, yield 1000, 1010, and 0110, forming the Boolean shared form of data b = 0100, which is consistent with the value 0100 obtained by shifting a = 0010 one bit to the higher bits and padding with 0 in the lowest bit.
[0066] In view of this, in order to jointly process the binary form of the encoded value x', the first party can process the first shared fragment of the encoded value x' using the corresponding processing rules. In step 202, in order to expand the number of decimal places, the first party can shift the first shared fragment of the encoded value x' to the higher bits by s bits and pad it with 0s in the lower bits.
[0067] It is easy to understand that in Boolean form, shifting the data n bits to the higher bits is equivalent to multiplying by 2 to the power of n. Therefore, shifting the data s bits to the higher bits and padding with 0s in the lower bits is equivalent to multiplying the original value by 2 to the power of s, resulting in the extended value m = x × 2^s.
[0068] Then, according to step 203, a secure bit reversal operation is performed on the most significant bit of the extended value m in conjunction with other participants to obtain the first Boolean fragment of the offset exponent coefficient z = 2^(-e+s), where the most significant bit of the extended value m is represented as 2^(e+s-1).
[0069] It can be understood that for a value m, its most significant bit is the highest bit with a value of 1. In the Boolean representation of the most significant bit, only the highest bit of the extended value m that holds a 1 is set to 1, and all other bits are zero; this representation is denoted, for example, as 2^(e-1+s), where e is the regularized exponent of x. Since the extended value m forms a Boolean shared form among the participants, according to the characteristics of the XOR and OR operations, if the XOR result of all the values of a bit is 1, then the OR result is also 1. Therefore, each participant can perform a series of secure OR operations on each Boolean shared fragment of the extended value m until a bit with a 1 is obtained, which is the most significant bit.
[0070] In Boolean sharing, a secure OR operation can be implemented using the XOR and AND operations. For example, for two fragments A and B, A OR B can be implemented using (A AND B) XOR (A XOR B). Where A and B consist of multiple bits, A XOR B can be implemented using a bit-by-bit XOR operation; for example, at the i-th bit, A XOR B can be implemented using A_i XOR B_i, and A AND B can be implemented. The secure OR operation can be achieved using conventional techniques, such as those described in the paper "ABY – A Framework for Efficient Mixed-Protocol Secure Two-Party Computation" (https://encrypto.de/papers/DSZ15.pdf), which will not be elaborated here.
[0071] Thus, the first party can perform a secure OR operation with other participants to determine the most significant bit of the extended value m, thereby obtaining, at each participant, a shared fragment of the Boolean representation 2^(e-1+s) of the most significant bit. The fragment obtained by the first party can be denoted as the first Boolean fragment of the Boolean representation 2^(e-1+s) of the most significant bit.
[0072] Furthermore, with fxp+s as the axis, the first fragment of the Boolean representation 2^(e-1+s) of the most significant bit is bit-reversed to obtain the first Boolean fragment of the offset exponent coefficient z = 2^(-e+s).
[0073] Based on the principles described above, step 202 shifts the decimal point s positions to the higher bits, and the bit reversal axis (i.e., the decimal point position) is shifted s positions to the higher bits. In other words, the lower fxp+s bits are used as the fractional part, and each participant uses the position between bit fxp+s and bit fxp+s+1 as the axis to perform a bit-reversal operation on its local fragment of the Boolean representation 2^(e-1+s) of the most significant bit, thereby obtaining the Boolean fragments of the regularized exponent coefficient z = 2^(-e+s). For the first party, the position between bit fxp+s and bit fxp+s+1 can be used as the axis to perform a bit reversal operation on the first Boolean fragment of 2^(e-1+s) to obtain the first Boolean fragment of the offset exponent coefficient z = 2^(-e+s). The first Boolean fragment of the offset exponent coefficient z, together with the other Boolean fragments of z that the other participants obtain by performing bit-reversal operations with fxp+s as the axis on their fragments of the Boolean representation 2^(e-1+s) of the most significant bit, constitutes the Boolean shared form of z. Since the initial data x' is an encoded value mapped onto the encryption ring, during the secure computation process, each result remains an encoded value mapped onto the encryption ring until decryption is performed to obtain a floating-point value.
[0074] Next, in step 204, the arithmetic sharing form of the offset exponent coefficient z = 2^(-e+s) is determined by performing a secure B2A operation with other participants, thereby obtaining the first arithmetic fragment of the offset exponent coefficient z.
[0075] The B2A operation, which converts Boolean shared form to arithmetic shared form, will not be elaborated further here. By performing a secure B2A operation, the first party and other participants can convert the Boolean sharing form of the offset exponent coefficient z = 2^(-e+s) to an arithmetic sharing form, where, under the arithmetic sharing form of z, each participating party holds its respective arithmetic slice. The first party may hold the first arithmetic slice of z. It is understandable that there is not necessarily a corresponding relationship between the first Boolean slice of z and the first arithmetic slice of z.
[0076] On the other hand, through step 205, based on the first arithmetic fragment of the offset exponent coefficient z and the first arithmetic fragment of x', the offset mantissa c' = x' × z is determined by secure multiplication in the form of arithmetic sharing with other participants, and the first arithmetic fragment of the offset mantissa c' is obtained.
[0077] When the data x is represented in the form c × 2^e, the regularized mantissa c can be derived as c = x × 2^(-e). Under the technical concept of this specification, due to the expansion of the decimal places, the offset mantissa c' can be determined first, and then the decimal places restored to obtain the regularized mantissa c of x. According to the regularization principle, the offset mantissa c' can be determined by c' = x' × 2^(-e+s) = x' × z. Compared to c, c' has s more decimal places in binary.
[0078] In the arithmetic sharing format, the product of multiple values (such as x' and z) stored in arithmetic sharing format by each participant can be calculated using secure multiplication. Through the aforementioned steps, x' and z are stored in arithmetic sharing format by each participant. Each participant can calculate c' = x' × z using secure multiplication and obtain the corresponding arithmetic sharing slice of the product in each participant. The slice obtained by the first participant can be denoted as the first arithmetic slice with an offset mantissa c'.
[0079] Since the product of z = 2^(-e+s) and 2^e is 2^s, and x' = c × 2^e, the regularized mantissa c and the offset exponent coefficient z are used together to describe the result of the regularization operation on the data x. Mapping c to floating-point numbers, x can theoretically be represented as x = c × 2^e = c × z^(-1) × 2^s.
[0080] It is understandable that shifting decimal places is difficult in arithmetic form but easy in Boolean form. Therefore, it is necessary to first convert c' from arithmetic shared form to Boolean shared form, and then perform the decimal point shift and restore the arithmetic shared form in Boolean shared form. In this way, each participant can jointly execute a secure A2B operation based on each arithmetic slice of c', thereby obtaining each Boolean slice of c' for each participant, such as the first participant obtaining the first Boolean slice of c'. Each participant then shifts its local Boolean slice 's' bits to the least significant bit, and can pad with 0s at the most significant bit, thereby obtaining each Boolean slice of the regularized mantissa c with restored decimal places, such as the first participant obtaining the first Boolean slice of c. Next, each participant executes a secure B2A operation, thereby obtaining each arithmetic slice of c for each participant, such as the first participant obtaining the first arithmetic slice of c.
[0081] In an optional embodiment, x is a signed numerical value, such as a positive or negative number. The process illustrated in Figure 2 may also include a step of determining the sign of x, such as: each participant performing a secure comparison of x with 0, and determining the sign of x based on the comparison result. Before the secure comparison, a single participant or a trusted third party may split the value 0 into multiple arithmetic shares and provide them to each participant, thus creating an arithmetic sharing of the value 0 among the participants. Each participant may hold one share of the comparison result, with the first party holding the first share describing the sign of the floating-point number x. It is easy to understand that the step of determining the sign of x and the steps in the process illustrated in Figure 2 can be independent of each other; therefore, it can be executed before or after any step of Figure 2, or in parallel with the steps in the process illustrated in Figure 2, and no restrictions are imposed here.
[0082] Thus, the mantissa c in the regularization of data x can be determined, and the regularization exponent is represented by the offset exponent z and s. Data x can be represented by c and z, and therefore the flow shown in Figure 2 outputs shared fragments of c and z, which can be used to process data x in subsequent calculations. When x is a signed number, the output may also include a shared fragment representing the sign of x.
[0083] Reviewing the above process, when the specified number of decimal places (fxp) and the number of extension bits (s) of the floating-point number satisfy fxp+s ≤ t/2 (t is the number of bits in the ring), the specified number of decimal places of the floating-point number is extended from fxp to fxp+s by shifting s bits to the left (moving s bits in the same direction as the inversion axis). This avoids high-order bit truncation during bit inversion and expands the effective input value range of the regularization algorithm to 2^-(fxp-1) up to 2^(fxp-1+s). For example, on a 128-bit ring, with fxp+s = 64, it can handle input data of at most 2^63. And on the 64-bit ring described earlier, with fxp+s = 32, it can process input data of at most 2^31, approximately 2.1 billion, which is far greater than the 32,768 available on a ring using the conventional 64-bit method. Therefore, the technical solution provided in this specification can significantly expand the range of floating-point input data processed in multi-party secure computation.
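The flow of steps 201-206 and the range extension summarized in [0083] can be traced with the following simulation, which is an added example and not code from the patent or its assignee. All function names are hypothetical; it assumes three parties, non-negative x, a fixed-point multiplication that truncates by fxp bits, and it replaces the interactive protocols (A2B, B2A, the OR chain, secure multiplication) with stand-ins that reconstruct and re-share the value, so only the shift and bit-reversal steps are computed share by share.

```python
import secrets
from functools import reduce

T = 64                      # ring bit length t (values live in Z_2^t)
MASK = (1 << T) - 1
PARTIES = 3                 # ASSUMPTION: three participants

def xor_all(vals):
    return reduce(lambda a, b: a ^ b, vals, 0)

def share_arith(v):
    """Split v into additive shares mod 2^t."""
    parts = [secrets.randbits(T) for _ in range(PARTIES - 1)]
    return parts + [(v - sum(parts)) & MASK]

def share_bool(v):
    """Split v into XOR shares."""
    parts = [secrets.randbits(T) for _ in range(PARTIES - 1)]
    return parts + [xor_all(parts) ^ (v & MASK)]

def open_arith(shares):
    return sum(shares) & MASK

def open_bool(shares):
    return xor_all(shares)

# --- Stand-ins for the interactive protocols (ASSUMPTION: ideal functionality).
# A real deployment runs A2B/B2A, the OR chain and the multiplication as MPC
# protocols and never reconstructs the secret the way these helpers do.
def a2b(shares):
    return share_bool(open_arith(shares))

def b2a(shares):
    return share_arith(open_bool(shares))

def secure_msb(shares):
    """One-hot Boolean sharing of the highest set bit."""
    v = open_bool(shares)
    return share_bool(1 << (v.bit_length() - 1) if v else 0)

def secure_mul(xs, ys, fxp):
    """Fixed-point product, truncated by fxp bits (ASSUMPTION)."""
    return share_arith(((open_arith(xs) * open_arith(ys)) & MASK) >> fxp)

# --- Local operation: each party applies it to its own share only.
def reverse_window(share, width):
    """Mirror the low `width` bits; bits above the window are dropped."""
    out = 0
    for i in range(width):
        if (share >> i) & 1:
            out |= 1 << (width - 1 - i)
    return out

def normalize(x, fxp=16, s=16):
    """Steps 201-206 for non-negative x; returns the opened (c_enc, z_enc)."""
    x_arith = share_arith(int(x * (1 << fxp)))               # encoded value x'
    x_bool = a2b(x_arith)                                     # step 201
    m_bool = [(sh << s) & MASK for sh in x_bool]              # step 202 (local)
    msb_bool = secure_msb(m_bool)                             # step 203: find MSB
    width = 2 * (fxp + s)                                     # axis after bit fxp+s
    z_bool = [reverse_window(sh, width) for sh in msb_bool]   # step 203 (local)
    z_arith = b2a(z_bool)                                     # step 204
    cp_arith = secure_mul(x_arith, z_arith, fxp)              # step 205: c' = x' * z
    c_bool = [sh >> s for sh in a2b(cp_arith)]                # step 206 (local shift)
    c_arith = b2a(c_bool)
    return open_arith(c_arith), open_arith(z_arith)

def decode(c_enc, z_enc, fxp=16, s=16):
    """Recover (c, e, x) from the opened outputs; z_enc encodes 2^(-e+s)."""
    if z_enc == 0:
        raise ValueError("MSB fell outside the reversal window (input too large)")
    c = c_enc / (1 << fxp)
    e = fxp + s - (z_enc.bit_length() - 1)
    return c, e, c * 2.0 ** e

if __name__ == "__main__":
    for x in (0.6, 1_000_000.0, float(2 ** 31)):              # constructed inputs
        c_enc, z_enc = normalize(x)
        print(x, decode(c_enc, z_enc))
    # Without the extension (s = 0) the MSB of 1,000,000 lies above the
    # 2*fxp-bit reversal window and is truncated, so z opens to 0.
    print(normalize(1_000_000.0, s=0))
```

With fxp = 16 and s = 16 on the 64-bit ring, the input 1,000,000 normalizes to c ≈ 0.9537 and e = 20, while the same input with s = 0 loses its most significant bit during the reversal.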
[0084] According to another embodiment, a data processing apparatus for multi-party secure computation is also provided. This apparatus can be located on any data party performing the multi-party secure multiplication computation, such as the first party. Figure 3 shows an embodiment of a data processing apparatus 300 based on multi-party secure computation. Assuming x is an arbitrary floating-point number, apparatus 300 is suitable for regularization operations on the floating-point number x by multiple participants. The floating-point number x is mapped to an encoded value x' on an encrypted ring described by a predetermined number of bits t. The encoded value x' constitutes an arithmetic-shared form among the participants, with the first party holding a first arithmetic slice of x'.
[0085] As shown in Figure 3, the device 300 may include:
[0086] The fragmentation conversion unit 301 is configured to perform an A2B operation to convert arithmetic shared form to Boolean shared form based on the first arithmetic fragment and other participants, thereby obtaining the first Boolean fragment of x'.
[0087] The decimal extension unit 302 is configured to shift the first Boolean segment of x' to the higher bits by s bits and pad it with 0s in the lower bits to obtain the first Boolean segment of the extended value m = x × 2^s, where s is the predetermined number of decimal extension bits;
[0088] The first determining unit 303 is configured to jointly perform a secure bit reversal operation on the most significant bit of the extended value m with other participants, thereby obtaining the first Boolean segment of the offset exponent coefficient z = 2^(-e+s), where the most significant bit of the extended value m is represented as 2^(e+s-1);
[0089] The form conversion unit 304 is configured to determine the arithmetic sharing form of the offset exponent coefficient z = 2^(-e+s) by performing a secure B2A operation with other participants, thereby obtaining the first arithmetic fragment of the offset exponent coefficient z;
[0090] The second determining unit 305, based on the first arithmetic fragment of the offset exponent coefficient z and the first arithmetic fragment of x', determines the offset mantissa c' = x' × z with other participants through secure multiplication, and obtains the first arithmetic fragment of the offset mantissa c'.
[0091] The fractional recovery unit 306 is configured to perform a fractional safe recovery operation on the offset mantissa c' based on the first arithmetic fragment of the offset mantissa c', together with other participants, to obtain the first arithmetic fragment of the regularized mantissa c corresponding to the offset mantissa c', wherein the regularized mantissa c and the offset exponent coefficient z are used to jointly describe the result of the regularization operation.
[0092] When the floating-point number x is a signed real number, the device 300 may further include a sign determination unit (not shown), configured as follows:
[0093] Perform a secure comparison with each participant, comparing the floating-point number x with 0;
[0094] Determine, based on the comparison result, the first slice describing the sign of the floating-point number x.
[0095] According to one possible design, the first determining unit 303 is further configured as follows:
[0096] By performing a secure OR operation with other participants, the most significant bit of the extended value m is determined, yielding the first slice of the Boolean representation 2^(e+s-1) of the most significant bit, where the Boolean representation of the most significant bit is 1 only at the first bit at which a 1 appears and all other bits are zero, and e is the regularization exponent.
[0097] With fxp+s as the axis, the first slice of the Boolean representation 2^(e+s-1) of the most significant bit is bit-flipped to obtain the first Boolean segment of the tag value z = 2^(-e+s), where fxp is the number of bits used for the floating-point code.
[0098] In some alternative implementations, the decimal recovery unit 306 is further configured as follows:
[0099] Based on the first arithmetic fragment of the offset mantissa c', perform a safe A2B operation with other participants to obtain the first Boolean fragment of the offset mantissa c';
[0100] Shift the first Boolean segment of the offset mantissa c' to the low bits by s bits and pad with zeros in the high bits to obtain the first Boolean segment of the regularized mantissa c;
[0101] Perform a secure B2A operation on the regularized mantissa c with other participants to obtain the first arithmetic slice of the regularized mantissa c.
[0102] According to an optional embodiment, the sum of the number of floating-point encoding bits and the predetermined number of decimal extension bits does not exceed half of the predetermined number of bits t.
[0103] In one embodiment, the encryption ring is a prime number ring or prime number ring, and the data x is mapped to the encryption ring by taking the integer part of the product of its corresponding value and 2 raised to the power of t.
[0104] The regularization mantissa c and the offset exponent z describe the result of the regularization operation in the following way: the value corresponding to the data x is the product of the regularization mantissa c and the exponent raised to the power of the base 2 mark value z.
[0105] When the data x is a signed number, the result of the regularization operation will still have the sign of x before the product mentioned above. It is worth noting that the device 300 shown in Figure 3 corresponds to the method described in Figure 2, and the corresponding descriptions in the method embodiments of Figure 2 also apply to the device 300 and will not be repeated here.
[0106] According to another embodiment, a computer-readable storage medium is also provided, on which a computer program is stored, which, when executed in a computer, causes the computer to perform the method described in conjunction with Figure 2.
[0107] According to another embodiment, a computing device is also provided, including a memory and a processor, wherein the memory stores executable code, and when the processor executes the executable code, it implements the method described in conjunction with Figure 2.
[0108] Those skilled in the art will recognize that the functions described in the embodiments of this specification in one or more of the above examples can be implemented using hardware, software, firmware, or any combination thereof. When implemented in software, these functions can be stored in a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium.
[0109] The specific embodiments described above further illustrate the purpose, technical solution, and beneficial effects of the technical concept in this specification. It should be understood that the above description is only a specific embodiment of the technical concept in this specification and is not intended to limit the scope of protection of the technical concept in this specification. Any modifications, equivalent substitutions, improvements, etc., made on the basis of the technical solutions of the embodiments in this specification should be included within the scope of protection of the technical concept in this specification.
Claims
1. A data processing method for multi-party secure computation, applicable to the regularization operation of data x by multiple participants, wherein the floating-point number x is mapped to an encoded value x' on an encrypted ring described by a predetermined number of bits t, the encoded value x' constitutes an arithmetic shared form among the participants, and the first party among the multiple participants holds a first arithmetic slice of x'; the method is performed by the first party and includes: based on the first arithmetic slice of x', performing with other participants the A2B operation of converting arithmetic shared form to Boolean shared form to obtain the first Boolean slice of x'; shifting the first Boolean slice of x' to the high bits by s bits and padding with zeros in the low bits to obtain an extended value m = x' × 2^s, where s is a predetermined number of decimal extension bits; in conjunction with other participants, performing a secure bit reversal operation on the most significant bit of the extended value m to obtain the first Boolean slice of the offset exponent coefficient z = 2^(-e+s), where the most significant bit of the extended value m is represented as 2^(e+s-1); determining, with other participants by performing a secure B2A operation, an arithmetic sharing form of the offset exponent coefficient z = 2^(-e+s), obtaining a first arithmetic slice of the offset exponent coefficient z; based on the first arithmetic slice of the offset exponent coefficient z and the first arithmetic slice of x', determining the offset mantissa c' = x' × z by secure multiplication with other participants, and obtaining the first arithmetic slice of the offset mantissa c'; based on the first arithmetic slice of the offset mantissa c', performing with other participants a decimal-place secure recovery operation on the offset mantissa c' to obtain the first arithmetic slice of the regularized mantissa c corresponding to the offset mantissa c'.
Here, the regularized mantissa c and the offset exponent coefficient z are used to jointly describe the result of the regularization operation.
2. The method as described in claim 1, wherein, The floating-point number x is a signed real number, and the method further includes: Perform a safety comparison with each participant, comparing the floating-point number x with 0; The first slice describing the symbol of the floating-point number x is determined based on the comparison results.
3. The method as described in claim 1, wherein performing, with other participants, the secure bit reversal operation on the most significant bit of the extended value m to obtain the first Boolean slice of the offset exponent coefficient z = 2^(-e+s) includes: by performing a secure OR operation with other participants, determining the most significant bit of the extended value m, yielding the first slice of the Boolean representation 2^(e+s-1) of the most significant bit, where the Boolean representation of the most significant bit is 1 only at the first bit at which a 1 appears and all other bits are zero, and e is the regularization exponent; with fxp+s as the axis, bit-flipping the first slice of the Boolean representation 2^(e+s-1) of the most significant bit to obtain the first Boolean slice of the tag value z = 2^(-e+s), where fxp is the number of bits used for the floating-point code.
4. The method of claim 1, wherein, The step of performing a decimal place safe recovery operation on the offset mantissa c' based on the first arithmetic slice of the offset mantissa c' with other participants to obtain the first arithmetic slice of the regularized mantissa c corresponding to the offset mantissa c' includes: Based on the first arithmetic fragment of the offset mantissa c', perform a safe A2B operation with other participants to obtain the first Boolean fragment of the offset mantissa c'; Shift the first Boolean segment of the offset mantissa c' to the low bits by s bits and pad with zeros in the high bits to obtain the first Boolean segment of the regularized mantissa c; Perform a secure B2A operation on the regularized mantissa c with other participants to obtain the first arithmetic slice of the regularized mantissa c.
5. The method of claim 1, wherein, The sum of the number of bits in the floating-point code and the predetermined number of bits for the fractional extension shall not exceed half of the predetermined number of bits t.
6. The method of claim 1, wherein, The encryption ring is a prime number ring or a prime number ring. Data x is mapped to the encryption ring by taking the integer part of the product of its corresponding value and 2 raised to the power of t.
7. The method of claim 1, wherein, The regularization mantissa c and the offset exponent z describe the result of the regularization operation in the following way: the value corresponding to the data x is the product of the regularization mantissa c and the exponent raised to the power of the base 2 mark value z; When the data x is a signed number, the result of the regularization operation also corresponds to the sign of x before the product.
8. A data processing apparatus for multi-party secure computation, suitable for regularization operations on floating-point numbers x by multiple participants, wherein the floating-point numbers x are mapped to encoded values x' on an encrypted ring described by a predetermined number of bits t, the encoded values x' constitute an arithmetic shared form among the participants, and a first party among the multiple participants holds a first arithmetic slice of x'; the device is located in the first party and includes: the fragmentation conversion unit, configured to perform an A2B operation to convert arithmetic shared form to Boolean shared form based on the first arithmetic fragment and other participants, thereby obtaining the first Boolean fragment of x'; the decimal extension unit, configured to shift the first Boolean fragment of x' s bits to the higher bits and pad with 0s in the lower bits, resulting in the first Boolean fragment of the extended value m = x × 2^s, where s is the predetermined number of decimal extension bits; the first determining unit, configured to jointly perform a secure bit reversal operation on the most significant bit of the extended value m with other participants, resulting in the first Boolean fragment of the offset exponent coefficient z = 2^(-e+s), where the most significant bit of the extended value m is represented as 2^(e+s-1); the form conversion unit, configured to determine the arithmetic sharing form of the offset exponent coefficient z = 2^(-e+s) by performing a secure B2A operation with other participants, thereby obtaining the first arithmetic fragment of the offset exponent coefficient z; the second determining unit, which, based on the first arithmetic slice of the offset exponent coefficient z and the first arithmetic slice of x', determines the offset mantissa c' = x' × z with other participants through secure multiplication, and obtains the first arithmetic slice of the offset mantissa c'.
The fractional recovery unit is configured to perform a fractional safe recovery operation on the offset mantissa c' based on the first arithmetic fragment of the offset mantissa c', together with other participants, to obtain the first arithmetic fragment of the regularized mantissa c corresponding to the offset mantissa c'. The regularized mantissa c and the offset exponent coefficient z are used to jointly describe the result of the regularization operation.
9. A computer-readable storage medium having a computer program stored thereon, which, when executed in a computer, causes the computer to perform the method of any one of claims 1-7.
10. A computing device, comprising a memory and a processor, characterized in that, The memory stores executable code, and when the processor executes the executable code, it implements the method of any one of claims 1-7.