Method and apparatus for private intersection

By using hash functions to generate and apply filters between the data source and the querying party, the problem of low efficiency in finding intersections in inter-enterprise data interactions is solved, achieving efficient and privacy-preserving intersection finding, reducing communication volume and improving efficiency.

CN116204922BActive Publication Date: 2026-06-09ANT BLOCKCHAIN TECHNOLOGY (SHANGHAI) CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
ANT BLOCKCHAIN TECHNOLOGY (SHANGHAI) CO LTD
Filing Date
2023-03-06
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

In the process of data interaction between different enterprises, existing technologies are inefficient in finding intersections, resulting in large communication volumes and insufficient timeliness.

Method used

The data source uses multiple preset hash functions to perform hash calculations on the source identifier, generates a binary array filter, and sends it to the querying party. The querying party uses the same hash function to perform hash calculations on the identifier to be queried, and determines the intersection based on the filter, thereby reducing the amount of data communication.

Benefits of technology

It improves the efficiency of privacy-preserving intersections, reduces the amount of data communication between the data source and the querying party, and enhances communication efficiency.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN116204922B_ABST
    Figure CN116204922B_ABST
Patent Text Reader

Abstract

Embodiments of the present specification provide a method and device for privacy intersection. In the method, a plurality of hash values of each source identifier corresponding to each data owned by a data source party are obtained by using a plurality of hash functions to hash each source identifier, and a mapped binary array serving as a filter is obtained by mapping the plurality of hash values corresponding to each source identifier to corresponding elements in the binary array. A query party receives the filter from the data source party, hashes a to-be-queried identifier by using the plurality of hash functions to obtain a plurality of to-be-queried hash values, maps the plurality of to-be-queried hash values to the filter to determine values of corresponding elements to which each to-be-queried hash value is mapped, and determines that the data source party does not have data matching the to-be-queried identifier when a first value exists in the corresponding element to which the to-be-queried hash value is mapped.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This specification relates to the field of data privacy technology, and more specifically, to a method and apparatus for privacy intersection. Background Technology

[0002] Data privacy protection refers to measures taken to protect sensitive corporate data. Each company, as a data owner, possesses data distinct from other companies, and each company's private data must be protected from leakage to other companies. However, business interactions between different companies are inevitable. In business interactions involving data, it is necessary to first determine the intersection of the data held by both parties. At this point, a privacy intersection operation is required. Privacy intersection finds the intersection of the datasets held by multiple parties while protecting their privacy. Based on the privacy intersection, subsequent business operations can then proceed. Summary of the Invention

[0003] In view of the above, embodiments of this specification provide a method and apparatus for privacy-preserving intersection. Through the technical solution provided in these embodiments, the querying party processes the query identifier using a filter generation method and determines the intersection query result based on the filter. If a first value exists in the corresponding element mapped to the query hash value, it can be determined that the data source does not have data matching the query identifier, thus eliminating the need for further operations. This reduces the amount of data communication between the data source and the querying party, improves their communication efficiency, and thereby enhances the efficiency of privacy-preserving intersection.

[0004] According to one aspect of the embodiments of this specification, a method for privacy-preserving intersection is provided, wherein the method is performed by a data source, the data source possessing source identifiers corresponding to various data, the method comprising: performing hash calculations on each source identifier using a plurality of preset hash functions to obtain a plurality of hash values, wherein each hash value is obtained by performing hash calculations on one source identifier using one of the hash functions, and the plurality of hash values ​​corresponding to each source identifier are respectively calculated by each hash function; mapping each obtained hash value to a corresponding element in a binary array including a preset number of elements to obtain a mapped binary array, wherein the initial value of each element in the binary array is a first value, and the corresponding element mapped to each hash value is set to a second value; sending the mapped binary array as a filter to a querying party, so that the querying party uses the plurality of hash functions to perform hash calculations on a query identifier to obtain a plurality of query hash values, and maps the plurality of query hash values ​​to the filter, so that when a first value exists in the corresponding element mapped to each query hash value, it is determined that the data source does not have data matching the query identifier.

[0005] According to another aspect of the embodiments of this specification, a method for privacy intersection is also provided, wherein the method is executed by a querying party, and a data source party possesses source identifiers corresponding to various data. The data source party uses a plurality of preset hash functions to perform hash calculations on each source identifier to obtain a plurality of hash values, and maps the plurality of hash values ​​corresponding to each source identifier to corresponding elements in a binary array including a preset number of elements to obtain a mapped binary array as a filter, wherein the initial value of each element in the binary array is a first value, and the corresponding element mapped to each hash value is set to a second value. The method includes: receiving the filter from the data source party; performing hash calculations on the query identifier using the plurality of hash functions to obtain a plurality of query hash values; mapping the plurality of query hash values ​​to the filter to determine the value of the corresponding element mapped to each query hash value; and determining that the data source party does not have data matching the query identifier when the corresponding element mapped to the query hash value contains a first value.

[0006] According to another aspect of the embodiments of this specification, a method for privacy intersection is also provided, wherein the data source party possesses source identifiers corresponding to each piece of data. The method includes: the data source party performing hash calculations on each source identifier using a preset plurality of hash functions to obtain a plurality of hash values, wherein each hash value is obtained by hash calculation on one source identifier using one of the hash functions, and the plurality of hash values ​​corresponding to each source identifier are respectively calculated by each hash function; the data source party mapping each obtained hash value to a corresponding element in a binary array including a preset number of elements to obtain a mapped binary array, wherein each element in the binary array... The initial value of each element is a first value, and the corresponding element mapped to each hash value is set to a second value; the data source sends the mapped binary array as a filter to the querying party; the querying party receives the filter from the data source; the querying party uses the multiple hash functions to perform hash calculations on the query identifier to obtain multiple corresponding query hash values; the querying party maps the multiple query hash values ​​to the filter to determine the value of the corresponding element mapped to each query hash value; and when the querying party finds that the data source does not have data matching the query identifier, it determines that the first value exists in the corresponding element mapped to the query hash value.

[0007] According to another aspect of the embodiments of this specification, an apparatus for privacy intersection is also provided, applied to a data source, wherein the data source possesses source identifiers corresponding to various data. The apparatus includes: a hash calculation unit, which performs hash calculations on each source identifier using a plurality of preset hash functions to obtain a plurality of hash values, wherein each hash value is obtained by hash calculation on one source identifier using one of the hash functions, and the plurality of hash values ​​corresponding to each source identifier are calculated by each of the hash functions; a hash value mapping unit, which maps each obtained hash value to a corresponding element in a binary array including a preset number of elements to obtain a mapped binary array, wherein the initial value of each element in the binary array is a first value, and the corresponding element mapped to each hash value is set to a second value; and a filter sending unit, which sends the mapped binary array as a filter to a querying party, so that the querying party uses the plurality of hash functions to perform hash calculations on the query identifier to obtain a plurality of query hash values, maps the plurality of query hash values ​​to the filter, and determines that the data source does not have data matching the query identifier when a first value exists in the corresponding element mapped to each query hash value.

[0008] According to another aspect of the embodiments of this specification, an apparatus for privacy intersection is also provided, applied to a querying party and a data source party, which possess source identifiers corresponding to various data. The data source party uses a plurality of preset hash functions to perform hash calculations on each source identifier to obtain a plurality of hash values, and maps the plurality of hash values ​​corresponding to each source identifier to corresponding elements in a binary array including a preset number of elements to obtain a mapped binary array as a filter. The initial value of each element in the binary array is a first value, and the corresponding element mapped to each hash value is set to a second value. The apparatus includes: a filter receiving unit for receiving the filter from the data source party; a hash calculation unit for performing hash calculations on the query identifier using the plurality of hash functions to obtain a plurality of query hash values; a hash value mapping unit for mapping the plurality of query hash values ​​to the filter to determine the value of the corresponding element mapped to each query hash value; and an intersection result determining unit for determining that when the corresponding element mapped to the query hash value contains a first value, the data source party does not have data matching the query identifier.

[0009] According to another aspect of the embodiments of this specification, an electronic device is also provided, comprising: at least one processor, a memory coupled to the at least one processor, and a computer program stored on the memory, wherein the at least one processor executes the computer program to implement the method for privacy intersection as described above.

[0010] According to another aspect of the embodiments of this specification, a computer-readable storage medium is also provided, which stores a computer program that, when executed by a processor, implements the privacy intersection method as described above.

[0011] According to another aspect of the embodiments of this specification, a computer program product is also provided, including a computer program that, when executed by a processor, implements the privacy intersection method as described above. Attached Figure Description

[0012] A further understanding of the nature and advantages of the embodiments described in this specification can be achieved by referring to the following accompanying drawings. In the drawings, similar components or features may have the same reference numerals.

[0013] Figure 1 A flowchart illustrating an example of a data source generating filter according to an embodiment of this specification is shown.

[0014] Figure 2 A flowchart illustrating an example of a querying party performing privacy intersection using filters according to embodiments of this specification is shown.

[0015] Figure 3 A flowchart illustrating an example of a data source party performing data bucketing based on a source identifier according to an embodiment of this specification is shown.

[0016] Figure 4 A signaling diagram illustrating an example of a privacy intersection method according to an embodiment of this specification is shown.

[0017] Figure 5 A flowchart illustrating an example of a method for privacy intersection according to another embodiment of this specification is shown.

[0018] Figure 6 A flowchart illustrating an example of a method for privacy intersection according to another embodiment of this specification is shown.

[0019] Figure 7 A block diagram of an example of a privacy intersection apparatus according to another embodiment of this specification is shown.

[0020] Figure 8 A block diagram of an example of a privacy intersection apparatus according to another embodiment of this specification is shown.

[0021] Figure 9 A block diagram of an electronic device for implementing a privacy intersection method according to an embodiment of this specification is shown.

[0022] Figure 10 A block diagram of an electronic device for implementing a privacy intersection method according to another embodiment of this specification is shown. Detailed Implementation

[0023] The subject matter described herein will be discussed below with reference to exemplary embodiments. It should be understood that these embodiments are discussed merely to enable those skilled in the art to better understand and implement the subject matter described herein, and are not intended to limit the scope, applicability, or examples set forth in the claims. The function and arrangement of the elements discussed may be changed without departing from the scope of the embodiments described herein. Various processes or components may be omitted, substituted, or added as needed in the various examples. Furthermore, features described in some examples may be combined in other examples.

[0024] As used herein, the term "comprising" and its variations are open terms meaning "including but not limited to". The term "based on" means "at least partially based on". The terms "one embodiment" and "an embodiment" mean "at least one embodiment". The term "another embodiment" means "at least one other embodiment". The terms "first", "second", etc., may refer to different or the same objects. Other definitions, whether explicit or implicit, may be included below. Unless explicitly indicated by the context, the definition of a term shall remain consistent throughout the specification.

[0025] Data privacy protection refers to measures taken to protect sensitive corporate data. Each company, as a data owner, possesses data distinct from other companies, and each company's private data must be protected from leakage to other companies. However, business interactions between different companies are inevitable. In business interactions involving data, it is necessary to first determine the intersection of the data held by both parties. At this point, a privacy intersection operation is required. Privacy intersection finds the intersection of the datasets held by multiple parties while protecting their privacy. Based on the privacy intersection, subsequent business operations can then proceed.

[0026] However, in current methods for finding the intersection of data from different parties, the large amount of data possessed by one or all parties means that performing privacy-preserving intersection operations on large volumes of data requires a significant amount of time, resulting in low efficiency and unreliable timeliness.

[0027] In view of the above, embodiments of this specification provide a method and apparatus for privacy intersection. The data source possesses source identifiers corresponding to various data. In this method, the data source uses multiple preset hash functions to perform hash calculations on each source identifier to obtain multiple hash values. Each hash value is obtained by hashing one source identifier using one of the hash functions, and the multiple hash values ​​corresponding to each source identifier are calculated by each hash function. The data source maps each obtained hash value to a corresponding element in a binary array containing a preset number of elements to obtain a mapped binary array. The initial value of each element in the binary array is a first value, and the corresponding element mapped to each hash value is set to a second value. The data source sends the mapped binary array as a filter to the querying party. The querying party receives the filter from the data source. The querying party uses multiple hash functions to perform hash calculations on the query identifier to obtain multiple query hash values. The querying party maps the multiple query hash values ​​to the filter to determine the value of the corresponding element mapped to each query hash value. When the first value exists in the corresponding element mapped to the query hash value, the querying party determines that the data source does not have data matching the query identifier. The technical solution provided in the embodiments of this specification allows the querying party to process the query identifier using a filter generation method and determine the intersection query result based on the filter. As long as the corresponding element mapped by the query hash value contains a first value, it can be determined that the data source does not have data matching the query identifier, thus eliminating the need for further operations. This reduces the amount of data communication between the data source and the querying party, improves their communication efficiency, and thereby enhances the efficiency of privacy-preserving intersection determination.

[0028] The method and apparatus for privacy-based intersection provided in the embodiments of this specification will now be described in detail with reference to the accompanying drawings.

[0029] The technical solutions provided in the embodiments of this specification may include a data source and a querying party, which may include different enterprises or organizations. For the same enterprise or organization, in different application scenarios, it may act as both a data source and a querying party.

[0030] The data source provider owns the data source, which may include a number of data points, including private data. The querying party may or may not own the data. If the querying party owns the data, it can also act as a data source in other business operations or scenarios.

[0031] In the embodiments of this specification, the intersection obtained by privacy intersection can be represented by data identifiers. Privacy intersection can process the data identifiers, and when the identifiers have an intersection, it can be determined that the corresponding data also have an intersection. When an intersection is obtained through privacy intersection, the query party can obtain the intersection, the data source party can obtain the intersection, or both the query party and the data source party can obtain the intersection.

[0032] In one application scenario of this specification's embodiments, the data source and the querying party use the privacy-preserving intersection method provided in this specification's embodiments to find the data intersection, thereby achieving data alignment. Here, data alignment refers to aligning data from parties targeting the same object, which may include users, etc., with each piece of data processed through data alignment targeting the same object. For example, the data source has data 'a' for user A, and the querying party has data 'b' for user A. Data 'a' and data 'b' are different. The privacy-preserving intersection method provided in this specification's embodiments can determine the intersection for user A, thereby aligning data 'a' and data 'b' for user A.

[0033] Once the data source and querying parties align their data, the aligned data can be used for business operations. For example, aligned data for each user can be used for user behavior modeling.

[0034] In another application scenario of the embodiments of this specification, the querying party's query identifier is targeted at a target user. The privacy-preserving intersection method provided in the embodiments of this specification is used to determine whether an intersection exists, thereby determining whether the data source contains data for the target user. If the querying party determines that the data source contains data for the target user, it can perform business operations targeting that target user. Thus, the privacy-preserving intersection method provided in the embodiments of this specification achieves the purpose of querying for the target user.

[0035] For example, the querying party is an advertiser, and the data source is an advertising platform. As an advertiser, the querying party needs to target ads to specific users. Therefore, the querying party needs to confirm whether the data source platform has target users and the size of those target users. Using the privacy-preserving intersection method provided in the embodiments of this specification, the querying party can determine whether there is an intersection of identifiers for the target users, thereby determining the existence and size of the target users within the data source platform. This allows for targeted ad delivery to the target users in subsequent ad delivery operations.

[0036] Figure 1 A flowchart of an example 100 of a data source generating filter according to an embodiment of this specification is shown.

[0037] Figure 1The filter generation and sending process shown can be completed while the data source is offline. In the offline phase, after generating the filter, the data source can send it to the querying party. When there are multiple querying parties, the data source can send one filter to each of them.

[0038] In one example, for each querying party, after receiving the filter, the filter can be used to determine that the data source does not have data that matches the query identifier when the querying party is online. That is, the querying party in the online stage uses the filter to perform a privacy intersection operation.

[0039] In 110, multiple preset hash functions can be used to perform hash calculations on each source identifier to obtain multiple hash values.

[0040] In the embodiments described in this specification, the preset hash functions are all different. Each hash function can perform a hash calculation on each source identifier, and each hash value is obtained by performing a hash calculation on one source identifier using one of the hash functions. Multiple hash values ​​corresponding to each source identifier are calculated by each of the respective hash functions. For example, if the preset hash functions include hash function H1 and hash function H2, then hash calculations can be performed on a source identifier ID using hash functions H1 and H2 respectively, resulting in two corresponding hash values.

[0041] In step 120, each hash value obtained can be mapped to the corresponding element in the binary array to obtain the mapped binary array.

[0042] In the embodiments of this specification, the length of the binary array can be specified, that is, it can include a preset number of elements. For example, if the length of the binary array is 100, then the binary array can include 100 elements. The initial value of each element of the binary array is a first value, that is, the initial binary array consists of a preset number of first values. In one example, the first value can be 0.

[0043] In the hash value mapping method, each hash value can be mapped to an element in a corresponding binary array, and the corresponding element is set to a second value. In one example, the second value could be 1. Different hash values ​​can be mapped to the same element or different elements. When the value corresponding to the element mapped to a hash value is the first value, the value of that element can be set to the second value. When the value corresponding to the element mapped to a hash value is already the second value, the value of that element can remain unchanged. After mapping each hash value to a binary array, the resulting binary array can consist of the first and second values.

[0044] Mapping methods for hash values ​​can include direct mapping and indirect mapping. In direct mapping, the hash values ​​obtained by each hash function are no greater than a preset number. In one mapping method, the elements in the binary array are numbered sequentially starting from 1. For example, if the preset number is 100, the elements in the binary array are numbered 1, 2, ..., 100. For each hash value obtained, the element with the same number as that hash value is selected from the binary array; this element is the element mapped by that hash value.

[0045] In the indirect mapping method, for each obtained hash value, a remainder value relative to a preset quantity can be calculated. That is, the hash value can be moduloed by the preset quantity. Each hash value corresponds to a remainder value. All obtained remainder values ​​are less than the preset quantity.

[0046] In this mapping method, the elements in the binary array are numbered sequentially starting from 0. For example, if the preset quantity is 100, the elements in the binary array are numbered 0, 2, ..., 99. The remainder values ​​corresponding to each hash value can be mapped to the corresponding elements in the binary array to obtain the mapped binary array.

[0047] For each remainder value, the element with the same number as the remainder value can be selected from the binary array. This element is the element mapped by the hash value corresponding to the remainder value.

[0048] In 130, the mapped binary array can be sent as a filter to the querying party.

[0049] In the embodiments of this specification, the mapped binary array can be used as a filter, which may include Bloom filters and Cuckoo filters, etc.

[0050] In one example, the hash functions used may be pre-agreed upon by the data source and the querying party, so that both parties are aware of the hash functions being used. In another example, the data source can send information about the multiple hash functions used to the querying party, allowing the querying party to be aware of these hash functions.

[0051] After receiving the filter, the querying party can use multiple hash functions to perform hash calculations on the query identifier to obtain multiple corresponding query hash values, and map the multiple query hash values ​​to the filter. When a first value exists in the corresponding element mapped by each query hash value, it is determined that the data source does not have data matching the query identifier.

[0052] Figure 2A flowchart of an example 200 of a querying party performing a privacy intersection using a filter according to an embodiment of this specification is shown.

[0053] Figure 2 The process of the querying party performing a privacy-preserving intersection using a filter, as shown, can occur while the querying party is online. During the online phase, the querying party can determine in real time that the data source does not contain data matching the query identifier. While the querying party is online, it has already received the filter, which can be configured by the data source based on the aforementioned... Figure 1 The method shown is used to obtain it.

[0054] like Figure 2 As shown in 210, filters can be received from the data source.

[0055] Operation 210 can be performed when both the data source and the query are offline, or when both are online.

[0056] In 220, multiple hash functions can be used to perform hash calculations on the identifier to be queried in order to obtain multiple corresponding hash values ​​to be queried.

[0057] The hash function used by the querying party is the same as the hash function used by the data source to generate the filter. Each hash function can perform hash calculations on the query identifier, and each hash value is obtained by performing hash calculations on the query identifier using one of the hash functions, resulting in multiple hash values ​​corresponding to the query identifier.

[0058] In 230, each query hash value can be mapped to a filter to determine the value of the corresponding element mapped to each query hash value.

[0059] The mapping method for the hash value to be queried can include direct mapping and indirect mapping. The mapping method for the hash value to be queried can be obtained from the hash value mapping method used by the data source. When the data source uses a direct mapping method, the query policy can use a direct mapping method for the hash value to be queried. When the data source uses an indirect mapping method, the query policy can use an indirect mapping method for the hash value to be queried.

[0060] In one example, the queryer can calculate the remainder of each hash value to be queried relative to a preset number; and map the remainder of each hash value to a corresponding element in a filter to determine the value of the element mapped to each hash value. In another example, for each hash value obtained, the element with the same number as that hash value is selected from the binary array; this element is the element mapped to that hash value.

[0061] In 240, if the first value exists in the corresponding element mapped to the hash value to be queried, it can be determined that the data source does not have data that matches the identifier to be queried.

[0062] In the above process, the querying party only needs to determine, based on the filter, that the first value exists among the corresponding elements mapped to the hash value to be queried. This allows them to conclude that the data source does not contain data matching the query identifier, thus eliminating the need for further operations. This reduces the amount of data communication between the data source and the querying party, improves their communication efficiency, and consequently enhances the efficiency of privacy-preserving intersection.

[0063] Furthermore, when the corresponding elements mapped to the hash value to be queried are all second values, it is uncertain whether the data source has data that matches the identifier to be queried, and subsequent operations need to be performed to determine whether the data source has data that matches the identifier to be queried.

[0064] This specification also provides an example of a method for privacy intersection, in which the data source owner has source identifiers for each piece of data.

[0065] The data source can use multiple preset hash functions to perform hash calculations on each source identifier to obtain multiple hash values. Each hash value is obtained by performing hash calculations on one source identifier using one of the hash functions, and the multiple hash values ​​corresponding to each source identifier are calculated by each of the hash functions.

[0066] The data source can map each obtained hash value to a corresponding element in a binary array containing a preset number of elements to obtain a mapped binary array. The initial value of each element in the binary array is a first value, and the corresponding element mapped to each hash value is set to a second value.

[0067] The data source can send the mapped binary array as a filter to the querying party.

[0068] The querying party can receive filters from the data source.

[0069] The querying party can use multiple hash functions to perform hash calculations on the identifier to be queried in order to obtain multiple corresponding hash values ​​to be queried.

[0070] The querying party can map multiple hash values ​​to a filter to determine the value of the corresponding element mapped to each hash value.

[0071] The querying party can determine that the data source does not have data matching the query identifier if the first value exists in the corresponding element mapped to the hash value to be queried.

[0072] Figure 3A flowchart of an example 300 of a data source party performing data bucketing based on a source identifier according to an embodiment of this specification is shown.

[0073] like Figure 3 As shown in 310, the data source key of the data source party can be used to encrypt each source identifier once according to the encryption algorithm to obtain the ciphertext of the source identifier corresponding to each source identifier.

[0074] In the embodiments described in this specification, all data owned by the data source can be queried by the querying party, and the data source key of the data source can be the private key held by the data source.

[0075] Each piece of data owned by the data source can be associated with a source identifier. Different data have different source identifiers, which can be used to represent the corresponding data. Different types of data can use different objects as source identifiers. For example, enterprise data can use the unified social credit code as the source identifier, while user data can use their identity verification number as the source identifier.

[0076] All source identifiers owned by the data source provider are encrypted using the same data source key and encryption algorithm. Each source identifier can be associated with a ciphertext of the source identifier. There is a one-to-one correspondence between the source identifiers owned by the data source provider and the ciphertexts of the source identifiers obtained.

[0077] For example, the ciphertext of a source identifier id_b can be represented as E(Akey, id_b), where E represents the encrypted ciphertext and Akey represents the data source key. E(Akey, id_b) represents the ciphertext of the source identifier id_b obtained by encrypting the source identifier id_b once using the data source key Akey.

[0078] In the embodiments of this specification, the encryption algorithm satisfies the commutative law, that is, when the encryption algorithm is used for multiple encryptions, the encryption order does not affect the encryption result.

[0079] For example, in one encryption method, an identifier is first encrypted using the data source key from the data source provider, and then the corresponding ciphertext is further encrypted using the query key from the query provider to obtain a second ciphertext. In another encryption method, the same identifier can be first encrypted using the query key, and then the corresponding ciphertext can be further encrypted using the data source key to obtain a second ciphertext. The two ciphertexts obtained by the two encryption methods are identical. For example, the commutative law of an encryption algorithm can be expressed as follows:

[0080] E(Bkey, E(Akey, id))=E(Akey, E(Bkey, id))

[0081] Where Bkey represents the query key, E(Akey, id) represents the ciphertext obtained by encrypting the identifier id once using the data source key Akey, E(Bkey, id) represents the ciphertext obtained by encrypting the identifier id once using the query key Bkey, E(Bkey, E(Akey, id)) represents the ciphertext obtained by encrypting the ciphertext E(Akey, id) twice using the query key Bkey, and E(Akey, E(Bkey, id)) represents the ciphertext obtained by encrypting the ciphertext E(Bkey, id) twice using the data source key Akey.

[0082] In one example, commutative encryption algorithms may include RSA and ECC (Elliptic Curve Cryptography). The encryption algorithms used in the embodiments of this specification are the same.

[0083] In 320, the obtained source identifier can be distributed to multiple buckets in one go according to the data bucketing method.

[0084] In the embodiments of this specification, data bucketing involves distributing a number of data points into multiple buckets according to a predetermined method, which is a type of data preprocessing. Here, a bucket can be understood as a category of data; data assigned to the same bucket belongs to the same category.

[0085] The number of buckets can be customized; for example, a specified number of buckets can be preset. Each bucket can have a corresponding bucket number, and different buckets have different bucket numbers. In one example, the bucket numbers can be consecutive integers starting from 0, such as 0, 1, 2, ...

[0086] In the embodiments of this specification, data bucketing is performed based on identifiers. For example, the data bucketing method used by the data source is based on the source identifier, and the data bucketing method used by the querying party is based on the identifier to be queried. The objects allocated according to the data bucketing method are the encrypted source identifiers. After allocating the encrypted source identifiers according to the data bucketing method, each bucket can include multiple encrypted source identifiers. The number of encrypted source identifiers included in each bucket can be the same or different. In one example, the data bucketing method used in the various embodiments of this specification is the same.

[0087] In one example, a hash algorithm can be used to calculate the source identifier hash value corresponding to each source identifier.

[0088] In this example, a hash algorithm is used to calculate the hash value of each source identifier, which can be represented as hash(id_b), where hash represents the hash value of the source identifier and id_b represents the source identifier.

[0089] After obtaining the source identifier hash value corresponding to each source identifier, the ciphertext of each source identifier can be distributed to various buckets according to the obtained source identifier hash value and a specified number. The specified number represents the total number of buckets. Each source identifier is distributed to one bucket.

[0090] Based on the one-to-one correspondence between the source identifier and its ciphertext, there is a one-to-one correspondence between the data, the source identifier, and its ciphertext. Furthermore, each source identifier corresponds to a source identifier hash value.

[0091] In one example, for each source identifier hash value, the remainder of that hash value divided by a specified number can be calculated, represented as: (hash(id_b))%(bucket_count), where % represents the remainder calculation and bucket_count represents the specified number of buckets. Then, the resulting remainder value is compared with each bucket number to determine the bucket number that matches the remainder value. The source identifier corresponding to the source identifier hash value is then encrypted and assigned to the bucket corresponding to the determined bucket number.

[0092] For example, if the specified number of buckets is 100, and the bucket numbers are 0, 1, ..., 99, and the source identifier hash value obtained by hash calculation is 2, then the remainder of the source identifier hash value 2 divided by the specified number 100 can be calculated, and the remainder value is 2. Therefore, the source identifier corresponding to the source identifier hash value can be ciphertextally distributed to the bucket with bucket number 2 in one go.

[0093] In one example, after each source identifier is assigned a ciphertext, the number of source identifiers assigned in each bucket may differ. When the number of source identifiers assigned in each bucket is inconsistent, data padding can be performed on buckets where the number of source identifiers assigned in each bucket is less than the maximum number, so that the number of source identifiers assigned in each bucket is consistent.

[0094] In this example, the maximum number can be obtained by comparing the number of source identifier ciphertexts allocated in each bucket. The maximum number can be the bucket with the most source identifier ciphertexts. Different buckets can have different amounts of data added. For example, if the maximum number is 1000, and a bucket only contains 300 source identifier ciphertexts, then 700 data points need to be added to bring the total number of source identifier ciphertexts in that bucket to 1000.

[0095] In one example, dummy data can be used for data completion. The dummy data is only used to maximize the amount of ciphertext containing the source identifier in the bucket, and is not used in subsequent privacy-preserving intersection operations.

[0096] By performing data completion operations, it can be ensured that the amount of data in each bucket is consistent, avoiding the risk of information leakage caused by the statistical information leakage reflected in the allocation results obtained by data bucketing, thereby ensuring data security.

[0097] In one example Figure 3 The illustrated scheme involves the data source performing a data bucketing operation on the encrypted data for each source identifier. This data bucketing operation can be performed offline. Therefore, once both the data source and the querying party are online, and in the online phase, the encrypted data for each source identifier has been allocated. The data source can then directly retrieve the encrypted data from the corresponding bucket and provide it to the querying party. This improves the timeliness of privacy-preserving intersection operations during the online phase.

[0098] Figure 4 A signaling diagram of an example 400 of a privacy intersection method according to an embodiment of this specification is shown.

[0099] Figure 4 The scheme shown is executed when it is determined that the corresponding element mapped to each queried hash value in the filter is the second value. Figure 4 In the illustrated scheme, the data source and the querying party interact. In one example, Figure 4 The privacy intersection operation shown can be applied in the online phase, so that both the data source and the querying party performing the privacy intersection operation are online. By having the data source and the querying party interact in the online phase to execute the privacy intersection operation provided in the embodiments of this specification, the timeliness of the privacy intersection operation in the online phase is ensured.

[0100] When the data source is online, the source identifiers corresponding to each piece of data owned by the data source are used to generate corresponding ciphertexts of the source identifiers through the data source key and encryption algorithm. The generated ciphertexts of the source identifiers are then distributed to a specified number of buckets according to the data bucketing method.

[0101] like Figure 4 As shown in 410, the querying party can use its own querying key to encrypt the identifier to be queried once according to the encryption algorithm to obtain the corresponding ciphertext of the identifier to be queried.

[0102] In the embodiments of this specification, the identifier to be queried can be determined by the querying party. The querying party determines whether there is an identifier in the source identifier of the data source party that is the same as the identifier to be queried by performing a privacy intersection operation, thereby determining whether there is data in the data owned by the data source party that matches the data corresponding to the identifier to be queried.

[0103] The query key is a key owned by the querying party, which can be their private key. The encryption algorithm used by the querying party is consistent with the encryption algorithm used by the data source party, and both satisfy the commutative law. In one example, the encryption algorithm can be determined through negotiation between the data source party and the querying party.

[0104] The identifier to be queried corresponds to the ciphertext of the identifier to be queried. The ciphertext of the identifier to be queried can be represented as: E(Bkey, id1), where Bkey represents the query key and id1 represents the identifier to be queried.

[0105] In section 420, the querying party can send the encrypted identifier to be queried, along with the hash value of the identifier or the bucket number to be queried, to the data source.

[0106] In one example, the querying party can send the encrypted queried identifier and the corresponding hash value of the queried identifier to the data source party.

[0107] In this example, the hash value of the queried identifier can be obtained based on the queried identifier. In one example, the querying party can use a hash algorithm to hash the queried identifier to obtain the corresponding hash value. In one example, the hash algorithm used by the querying party can be the same as the hash algorithm used by the data source. The hash algorithm can be determined through negotiation between the data source and the querying party. In one example, the hash function in the hash algorithm used by the querying party can be the same as one of the multiple hash functions used by the data source to obtain the binary array.

[0108] In another example, the querying party can send the obtained query identifier in encrypted form along with the query bucket number to the data source party.

[0109] In this example, before sending the query, the querying party can process the hash value of the identifier to be queried according to the data bucketing method to obtain the bucket number corresponding to the identifier to be queried.

[0110] In one example of data bucketing, the queryer can use a hash algorithm to perform a hash calculation on the identifier to be queried to obtain the hash value of the identifier to be queried. Then, based on the obtained hash value of the identifier to be queried and a specified number used to represent the total number of buckets, the bucket number corresponding to the hash value of the identifier to be queried is determined. This bucket number is the bucket number corresponding to the identifier to be queried.

[0111] In this example, after obtaining the bucket number corresponding to the identifier to be queried, the querying party can send the encrypted identifier and the bucket number to the data source. In this example, the querying party obtains the bucket number, allowing the data source to directly access and use it without needing to perform the operation of obtaining the bucket number according to the data bucketing method. This reduces the data processing workload for the data source and improves its execution efficiency, thereby enhancing the overall efficiency of privacy-preserving intersection.

[0112] At 430, the data source can obtain the bucket number to be queried and the encrypted identifier to be queried.

[0113] The queried identifier is sent by the querying party in encrypted form. The queried bucket number can be sent directly by the querying party, or it can be obtained by the data source based on the hash value of the queried identifier sent by the querying party.

[0114] In one example, when the querying party sends the encrypted identifier and hash value of the identifier to the data source, the data source receives the hash value and encrypted identifier of the identifier from the querying party. Then, it can process the hash value of the identifier according to the data bucketing method to obtain the bucket number corresponding to the identifier.

[0115] In this example, the querying party can use a hash algorithm to perform a hash calculation on the identifier to be queried to obtain the hash value of the identifier to be queried. The data source then determines the bucket number corresponding to the hash value of the identifier to be queried based on the obtained hash value and a specified number used to represent the total number of buckets. This bucket number is the bucket number corresponding to the identifier to be queried.

[0116] At 440, the data source can use the data source key to perform secondary encryption on the ciphertext of the identifier to be queried according to the encryption algorithm, so as to obtain the corresponding secondary ciphertext of the identifier to be queried.

[0117] In one example, the ciphertext of the queried identifier is E(Bkey, id1). The data source uses the data source key Akey to encrypt the ciphertext of the queried identifier a second time. The resulting ciphertext of the queried identifier can be represented as E(Akey, E(Bkey, id1)).

[0118] In step 450, the data source can obtain the source identifier of the corresponding bucket in a single encrypted form based on the bucket number to be queried.

[0119] The data source can compare the bucket number to be queried with the bucket numbers of various buckets to determine the bucket corresponding to the bucket number that matches the bucket number to be queried. For example, if the bucket number to be queried is 2, then the determined bucket is bucket number 2.

[0120] We can assume that when the data source has a source identifier that is the same as the identifier to be queried, this source identifier will be assigned to the same bucket as the identifier to be queried because they are identical. Based on this, a source identifier identical to the identifier to be queried can only exist in the bucket corresponding to the bucket number of the bucket to be queried. Therefore, subsequent processing only needs to be performed once on the ciphertext of the source identifier in the identified bucket, without processing other buckets. This significantly reduces the data processing workload on the data source side, correspondingly reducing data processing time and improving the timeliness of privacy intersection operations. When privacy intersection operations are applied in the online phase, the timeliness of privacy intersection operations in the online phase can be further improved.

[0121] After identifying the bucket corresponding to the bucket number that matches the bucket number to be queried, the source identifier can be retrieved once from the identified bucket. In one example, if the data source uses fake data to perform data completion, and fake data used for data completion exists in the identified bucket, the fake data can be removed, and only the source identifier in that bucket can be retrieved once.

[0122] It should be noted that the order of operations 440 and 450 is not limited. Figure 4 The operation sequence of 440 and 450 shown is only an example.

[0123] In 460, the data source can send the secondary ciphertext of the identifier to be queried and the primary ciphertext of the obtained source identifier to the querying party.

[0124] After receiving the secondary ciphertext of the identifier to be queried and the primary ciphertext of the source identifier, at 470, the querying party can use its key to perform secondary encryption on each of the received primary ciphertexts of the source identifier according to the encryption algorithm to obtain the corresponding secondary ciphertext of the source identifier.

[0125] In one example, the primary ciphertext of the source identifier received by the querying party is represented as E(Akey, id_b). The querying party then uses its querying key Bkey to perform secondary encryption on the primary ciphertext E(Akey, id_b), resulting in the secondary ciphertext of the source identifier, which can be represented as E(Bkey, E(Akey, id_b)). For instance, on the data source side, the source identifiers corresponding to the determined buckets are id_b1, id_b2, ..., so the primary ciphertexts of the source identifiers received by the querying party are E(Akey, id_b1), E(Akey, id_b2), ..., and correspondingly, the secondary ciphertexts of the source identifiers obtained by the querying party are E(Bkey, E(Akey, id_b1)), E(Bkey, E(Akey, id_b2)), ...

[0126] In 480, the querying party can determine the intersection query result for the target identifier based on the secondary ciphertext of the identifier to be queried and the secondary ciphertext of the source identifier.

[0127] In the embodiments of this specification, the querying party can compare the secondary ciphertext of the identifier to be queried with the secondary ciphertext of each source identifier to determine whether the secondary ciphertext of each source identifier is the same as the secondary ciphertext of the identifier to be queried, and then determine the intersection query result for the data to be queried.

[0128] In one example, if there is a source identifier secondary ciphertext that is the same as the source identifier secondary ciphertext to be queried in the source identifier secondary ciphertext, it can be determined that there is a source identifier in the source identifiers owned by the data source party that is the same as the source identifier to be queried, thereby determining that there is data in the data owned by the data source party that matches the data corresponding to the source identifier to be queried (which can also be called the data to be queried).

[0129] When the secondary ciphertext of the source identifier and the secondary ciphertext of the identifier to be queried are different, it can be determined that the source identifier and the identifier to be queried owned by the data source party are different. Therefore, it can be determined that there is no data in the data owned by the data source party that matches the data corresponding to the identifier to be queried.

[0130] In the embodiments of this specification, the data owned by the data source that matches the data to be queried (hereinafter referred to as source data) and the data to be queried have the same identifier, that is, both are query identifiers. The source data and the data to be queried can be the same data or different data. When the source data and the data to be queried are different, the data features included in the source data can differ from the data features included in the data to be queried. For example, if the data to be queried is for user A, then the source data matching the data to be queried is also for user A, but the data features included in the data to be queried are user A's behavioral characteristics before 2020, while the data features included in the source data matching the data to be queried are user A's behavioral characteristics after 2020.

[0131] Figure 5 A flowchart of an example 500 of a method for privacy intersection according to another embodiment of this specification is shown.

[0132] Figure 5 The scheme shown is executed when the querying party determines that the corresponding element mapped to each hash value to be queried in the filter is the second value. Figure 5 The operation of the scheme shown can be Figure 1 The subsequent operations of the scheme shown. Figure 5 The privacy intersection method shown is executed by the data source. The source identifiers corresponding to each piece of data owned by the data source are used to generate corresponding ciphertexts of the source identifiers through the data source key of the data source and an encryption algorithm that satisfies the commutative law. The generated ciphertexts of the source identifiers are distributed to a specified number of buckets according to the data bucketing method, and each bucket has a corresponding bucket number.

[0133] like Figure 5 As shown in section 510, we can obtain the ciphertext of the queried identifier sent by the querying party, and the bucket number obtained by data bucketing based on the hash value of the queried identifier. The ciphertext of the queried identifier is obtained by the querying party encrypting the queried identifier once using its own querying key according to the encryption algorithm.

[0134] In one example, the querying party can receive the encrypted text of the query identifier and the query bucket number corresponding to the query identifier. The query bucket number is obtained by the querying party processing the hash value of the query identifier corresponding to the query identifier according to the data bucketing method.

[0135] In one example, the queryer can receive the hash value of the identifier to be queried and the encrypted one-time ciphertext of the identifier to be queried; and process the hash value of the identifier to be queried according to the data bucketing method to obtain the corresponding bucket number to be queried.

[0136] In 520, the data source key can be used to perform secondary encryption on the ciphertext of the identifier to be queried according to the encryption algorithm to obtain the corresponding secondary ciphertext of the identifier to be queried.

[0137] At 530, the source identifier of the corresponding bucket can be obtained once based on the bucket number to be queried.

[0138] In step 540, the secondary ciphertext of the identifier to be queried and the primary ciphertext of the source identifier obtained can be sent to the querying party, so that the querying party can use the querying party's key to perform secondary encryption on the primary ciphertext of the source identifier according to the encryption algorithm to obtain the corresponding secondary ciphertext of the source identifier, and determine the intersection query result based on the secondary ciphertext of the identifier to be queried and the secondary ciphertext of the source identifier.

[0139] In one example, the data source and the querying party are online when they interact to perform a privacy-preserving intersection operation.

[0140] In one example, the data source can also use the data source key to encrypt each of its source identifiers once according to the encryption algorithm to obtain the ciphertext of the source identifier corresponding to each source identifier; and distribute the obtained ciphertext of the source identifier to multiple buckets according to the data bucketing method.

[0141] In one example, the data source can also use a hash algorithm to calculate the hash value of each source identifier to obtain the hash value of each source identifier; and distribute each source identifier to each bucket in one ciphertext according to the obtained source identifier hash value and a specified number.

[0142] In one example, after the ciphertext of each source identifier is allocated, if the number of ciphertexts allocated to each bucket is inconsistent, the data source can also fill in the data in the buckets where the number of ciphertexts allocated to each source identifier has not reached the maximum number, so that the number of ciphertexts allocated to each bucket is consistent.

[0143] Figure 6 A flowchart of an example 600 of a method for privacy intersection according to another embodiment of this specification is shown.

[0144] Figure 6 The scheme shown is executed when the querying party determines that the corresponding element mapped to each hash value to be queried in the filter is the second value. Figure 6 The operation of the scheme shown can be Figure 2 The subsequent operations of the scheme shown. Figure 6 The privacy-preserving intersection method shown is executed by the querying party. The source identifiers corresponding to each piece of data owned by the data source party are used to generate corresponding ciphertexts of the source identifiers through the data source party's data source key and an encryption algorithm that satisfies the commutative law. The generated ciphertexts of the source identifiers are distributed to a specified number of buckets according to the data bucketing method, and each bucket has a corresponding bucket number.

[0145] like Figure 6 As shown in 610, the query key can be used to encrypt the identifier to be queried once according to the encryption algorithm to obtain the corresponding ciphertext of the identifier to be queried.

[0146] In step 620, the primary ciphertext of the identifier to be queried, along with the hash value of the identifier or the bucket number to be queried, can be sent to the data source. This allows the data source to obtain the secondary ciphertext of the identifier to be queried based on the primary ciphertext and to retrieve the primary ciphertext of the source identifier in the corresponding bucket based on the bucket number. The bucket number is obtained based on the hash value of the identifier to be queried according to the data bucketing method. The secondary ciphertext of the identifier to be queried is obtained by the data source using the data source key and an encryption algorithm to encrypt the primary ciphertext of the identifier to be queried a second time.

[0147] At 630, the secondary ciphertext of the identifier to be queried and the primary ciphertext of the source identifier obtained from the corresponding bucket can be received from the data source.

[0148] In 640, the query key can be used to encrypt the received source identifier ciphertext a second time according to the encryption algorithm to obtain the corresponding source identifier ciphertext a second time.

[0149] In 650, the intersection query result for the target identifier can be determined based on the secondary ciphertext of the target identifier and the secondary ciphertext of the source identifier.

[0150] In one example, when the querying party sends the bucket number to be queried to the data source, before sending the bucket number, the querying party can also process the hash value of the identifier to be queried according to the data bucketing method to obtain the bucket number corresponding to the identifier to be queried.

[0151] In one example, if the source identifier's secondary ciphertext contains a source identifier secondary ciphertext that is identical to the query identifier's secondary ciphertext, the querying party can also determine that the data source contains data matching the query identifier. If both the source identifier's secondary ciphertext and the query identifier's secondary ciphertext are different, the querying party can also determine that the data source does not contain data matching the query identifier.

[0152] In one example, the data source and the querying party are online when they interact to perform a privacy-preserving intersection operation.

[0153] Figure 7 A block diagram of an example of a privacy intersection apparatus 700 according to another embodiment of this specification is shown.

[0154] Figure 7 The privacy intersection device 500 shown is applied to the data source side, which possesses source identifiers corresponding to each piece of data.

[0155] like Figure 7 As shown, the privacy intersection device 700 includes: a hash calculation unit 710, a hash value mapping unit 720, and a filter sending unit 730.

[0156] The hash calculation unit 710 can be configured to perform hash calculations on each source identifier using multiple preset hash functions to obtain multiple hash values. Each hash value is obtained by performing hash calculations on one source identifier using one of the hash functions, and the multiple hash values ​​corresponding to each source identifier are calculated by each of the hash functions.

[0157] The hash value mapping unit 720 can be configured to map each obtained hash value to a corresponding element in a binary array containing a preset number of elements to obtain a mapped binary array, wherein the initial value of each element in the binary array is a first value, and the corresponding element mapped to each hash value is set to a second value.

[0158] The filter sending unit 730 can be configured to send the mapped binary array as a filter to the query party, so that the query party uses multiple hash functions to perform hash calculations on the query identifier to obtain multiple corresponding query hash values, and maps the multiple query hash values ​​to the filter, so that when the first value exists in the corresponding element mapped by each query hash value, it is determined that the data source does not have data matching the query identifier.

[0159] In one example, each source identifier owned by the data source provider generates a corresponding ciphertext using the data source provider's data source key and a commutative encryption algorithm. The generated ciphertexts of each source identifier are then distributed into a specified number of buckets according to the data bucketing method, with each bucket corresponding to a bucket number.

[0160] The privacy request device 700 may further include: an acquisition unit, an encryption unit, a ciphertext acquisition unit, and a ciphertext transmission unit.

[0161] The obtaining unit can be configured to, when the querying party determines that the corresponding elements mapped to each query hash value in the filter are all second values, obtain the first ciphertext of the query identifier corresponding to the query identifier sent by the querying party, and the query bucket number obtained according to the data bucketing method based on the hash value of the query identifier corresponding to the query identifier. The first ciphertext of the query identifier is obtained by the querying party encrypting the query identifier once using its own querying key according to the encryption algorithm.

[0162] In one example, the obtaining unit can also be configured to receive, from the querying party, the encrypted text of the query identifier corresponding to the query identifier and the query bucket number, wherein the query bucket number is obtained by the querying party processing the hash value of the query identifier corresponding to the query identifier according to the data bucketing method.

[0163] In one example, the obtaining unit can also be configured to: receive the hash value of the identifier to be queried and the ciphertext of the identifier to be queried from the querying party; and process the hash value of the identifier to be queried according to the data bucketing method to obtain the corresponding bucket number to be queried.

[0164] The encryption unit can be configured to use the data source key to perform secondary encryption on the ciphertext of the query identifier according to the encryption algorithm, so as to obtain the corresponding secondary ciphertext of the query identifier.

[0165] The ciphertext retrieval unit can be configured to retrieve the source identifier of the corresponding bucket once based on the bucket number to be queried.

[0166] The ciphertext sending unit can be configured to send the secondary ciphertext of the identifier to be queried and the primary ciphertext of the source identifier obtained to the querying party, so that the querying party can use the querying party key to perform secondary encryption on the primary ciphertext of the source identifier according to the encryption algorithm to obtain the corresponding secondary ciphertext of the source identifier, and determine the intersection query result based on the secondary ciphertext of the identifier to be queried and the secondary ciphertext of the source identifier.

[0167] In one example, the data source and the querying party are online when they interact to perform a privacy-preserving intersection operation.

[0168] In one example, the privacy intersection device 700 may also include: a data bucketing unit.

[0169] The encryption unit can also be configured to encrypt each source identifier using the data source key and an encryption algorithm to obtain a ciphertext of the source identifier corresponding to each source identifier. The data bucketing unit can be configured to distribute the obtained ciphertext of the source identifier into multiple buckets according to the data bucketing method.

[0170] In one example, the data bucketing unit can also be configured to: calculate the source identifier hash value corresponding to each source identifier using a hash algorithm; and distribute each source identifier to each bucket in one ciphertext according to the obtained source identifier hash value and a specified number.

[0171] In one example, the privacy intersection device 700 may further include a data completion unit. This data completion unit can be configured to: after the ciphertext allocation of each source identifier is completed, when the number of ciphertexts allocated to each bucket is inconsistent, perform data completion on the buckets where the number of ciphertexts allocated to the source identifier has not reached the maximum number, so that the number of ciphertexts allocated to the source identifier in each bucket is consistent.

[0172] Figure 8 A block diagram of an example of a privacy intersection apparatus 800 according to another embodiment of this specification is shown.

[0173] Figure 8 The privacy intersection device 800 shown is applied to the querying party and the data source party, which possesses source identifiers corresponding to various data. The data source party uses multiple preset hash functions to perform hash calculations on each source identifier to obtain multiple hash values. The multiple hash values ​​corresponding to each source identifier are mapped to corresponding elements in a binary array containing a preset number of elements to obtain a mapped binary array as a filter. The initial value of each element in the binary array is a first value, and the corresponding element mapped to each hash value is set to a second value.

[0174] like Figure 8 As shown, the privacy intersection device 800 includes: a filter receiving unit 810, a hash calculation unit 820, a hash value mapping unit 830, and an intersection result determination unit 840.

[0175] The filter receiving unit 810 can be configured to receive filters from the data source.

[0176] The hash calculation unit 820 can be configured to use multiple hash functions to perform hash calculations on the identifier to be queried in order to obtain multiple corresponding hash values ​​to be queried.

[0177] The hash value mapping unit 830 can be configured to map multiple hash values ​​to be queried to a filter in order to determine the value of the corresponding element mapped to each hash value to be queried.

[0178] The intersection result determination unit 840 can be configured to determine that there is no data matching the identifier to be queried in the data source when the first value exists in the corresponding element mapped by the hash value to be queried.

[0179] In one example, each source identifier owned by the data source provider generates a corresponding ciphertext using the data source provider's data source key and a commutative encryption algorithm. The generated ciphertexts of each source identifier are then distributed into a specified number of buckets according to the data bucketing method, with each bucket corresponding to a bucket number.

[0180] The privacy query device 800 includes: a primary encryption unit, a sending unit, a receiving unit, a secondary encryption unit, and a query result determination unit.

[0181] An encryption unit can be configured to encrypt the identifier to be queried once using the query key according to the encryption algorithm to obtain the corresponding ciphertext of the identifier to be queried.

[0182] The sending unit can be configured to send the primary ciphertext of the identifier to be queried, as well as the hash value of the identifier to be queried or the bucket number to be queried, to the data source party, so that the data source party can obtain the secondary ciphertext of the identifier to be queried based on the primary ciphertext of the identifier to be queried, and obtain the primary ciphertext of the source identifier in the corresponding bucket based on the bucket number to be queried. The bucket number to be queried is obtained according to the data bucketing method based on the hash value of the identifier to be queried. The secondary ciphertext of the identifier to be queried is obtained by the data source party using the data source key to encrypt the primary ciphertext of the identifier to be queried a second time according to the encryption algorithm.

[0183] The receiving unit can be configured to receive the secondary ciphertext of the identifier to be queried and the primary ciphertext of the source identifier obtained from the corresponding bucket from the data source.

[0184] The secondary encryption unit can be configured to use the query key to perform secondary encryption on the received primary ciphertext of the source identifier according to the encryption algorithm, so as to obtain the corresponding secondary ciphertext of the source identifier. In one example, the primary encryption unit and the secondary encryption unit can be the same encryption unit.

[0185] The query result determination unit can be configured to determine the intersection query result for the query identifier based on the secondary ciphertext of the identifier to be queried and the secondary ciphertext of the source identifier.

[0186] In one example, the privacy intersection device 800 may further include a data bucketing unit, which can be configured to: when the querying party sends the bucket number to be queried to the data source, process the hash value of the identifier to be queried according to the data bucketing method before sending the bucket number to be queried, so as to obtain the bucket number to be queried corresponding to the identifier to be queried.

[0187] In one example, the query result determination unit can also be configured such that: if a source identifier secondary ciphertext exists that is identical to the queried identifier secondary ciphertext, the querying party can further determine that the data source contains data matching the queried identifier. If both the source identifier secondary ciphertext and the queried identifier secondary ciphertext are different, the querying party can further determine that the data source does not contain data matching the queried identifier.

[0188] In one example, the data source and the querying party are online when they interact to perform a privacy-preserving intersection operation.

[0189] Reference above Figures 1 to 8 Embodiments of the method and apparatus for privacy intersection according to the embodiments of this specification have been described.

[0190] The privacy intersection apparatus described in this specification can be implemented in hardware, software, or a combination of both. Taking software implementation as an example, as a logical device, it is formed by the processor of its host device reading the corresponding computer program instructions from the memory into memory and executing them. In the embodiments of this specification, the privacy intersection apparatus can be implemented, for example, using an electronic device.

[0191] Figure 9 A block diagram of an electronic device 900 for implementing a privacy intersection method according to an embodiment of this specification is shown.

[0192] like Figure 9 As shown, the electronic device 900 may include at least one processor 910, a memory (e.g., non-volatile memory) 920, a RAM 930, and a communication interface 940, and the at least one processor 910, memory 920, RAM 930, and communication interface 940 are connected together via a bus 950. The at least one processor 910 executes at least one computer-readable instruction (i.e., the elements implemented in software above) stored or encoded in the memory.

[0193] In one embodiment, computer-executable instructions are stored in memory, which, when executed, cause at least one processor 910 to: perform hash calculations on each source identifier using a plurality of preset hash functions to obtain a plurality of hash values; map each obtained hash value to a corresponding element in a binary array comprising a preset number of elements to obtain a mapped binary array; and send the mapped binary array as a filter to the querying party.

[0194] Figure 10 A block diagram of an electronic device 1000 for implementing a privacy intersection method according to another embodiment of this specification is shown.

[0195] like Figure 10 As shown, the electronic device 1000 may include at least one processor 1010, a memory (e.g., non-volatile memory) 1020, a RAM 1030, and a communication interface 1040, and the at least one processor 1010, memory 1020, RAM 1030, and communication interface 1040 are connected together via a bus 1050. The at least one processor 1010 executes at least one computer-readable instruction (i.e., the elements implemented in software described above) stored or encoded in the memory.

[0196] In one embodiment, computer-executable instructions are stored in memory that, when executed, cause at least one processor 1010 to: receive a filter from a data source; perform hash calculations on a query identifier using multiple hash functions to obtain a plurality of corresponding query hash values; map the plurality of query hash values ​​to the filter to determine the value of the corresponding element mapped to each query hash value; and determine that there is no data matching the query identifier at the data source when a first value exists in the corresponding element mapped to the query hash value.

[0197] It should be understood that the computer-executable instructions stored in the memory, when executed, cause at least one processor 910 and processor 1010 to perform the above combinations as described in the various embodiments of this specification. Figure 1-8 The description includes various operations and functions.

[0198] According to one embodiment, a program product, such as a machine-readable medium, is provided. The machine-readable medium may have instructions (i.e., the elements implemented in software as described above), which, when executed by a machine, cause the machine to perform the above-described combinations of the various embodiments of this specification. Figure 1-8 The description includes various operations and functions.

[0199] Specifically, a system or apparatus equipped with a readable storage medium may be provided, on which software program code implementing the functions of any of the embodiments described above is stored, and the computer or processor of the system or apparatus can read and execute the instructions stored in the readable storage medium.

[0200] In this case, the program code itself, which can be read from a readable medium, can perform the functions of any of the above embodiments. Therefore, the machine-readable code and the readable storage medium storing the machine-readable code constitute a part of the present invention.

[0201] The computer program code required for the operation of each part of this manual can be written in any one or more programming languages, including object-oriented programming languages ​​such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C++, C#, VB, .NET, and Python; conventional procedural programming languages ​​such as C, Visual Basic 2003, Perl, COBOL 2002, PHP, and ABAP; dynamic programming languages ​​such as Python, Ruby, and Groovy; or other programming languages. This program code can run on the user's computer, or as a standalone software package on the user's computer, or partially on the user's computer and partially on a remote computer, or entirely on a remote computer or server. In the latter case, the remote computer can be connected to the user's computer via any network, such as a local area network (LAN) or wide area network (WAN), or connected to an external computer (e.g., via the Internet), or in a cloud computing environment, or used as a service, such as Software as a Service (SaaS).

[0202] Examples of readable storage media include floppy disks, hard disks, magneto-optical disks, optical disks (such as CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD-RW), magnetic tapes, non-volatile memory cards, and ROMs. Alternatively, program code can be downloaded from a server computer or the cloud via a communication network.

[0203] The foregoing has described specific embodiments of this specification. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims may be performed in a different order than that shown in the embodiments and may still achieve the desired result. Furthermore, the processes depicted in the drawings do not necessarily require the specific or sequential order shown to achieve the desired result. In some embodiments, multitasking and parallel processing are possible or may be advantageous.

[0204] Not all steps and units in the above process and system structure diagrams are mandatory; some steps or units can be omitted as needed. The execution order of each step is not fixed and can be determined as required. The device structure described in the above embodiments can be a physical structure or a logical structure. That is, some units may be implemented by the same physical entity, or some units may be implemented by multiple physical entities, or they may be jointly implemented by certain components in multiple independent devices.

[0205] The term "exemplary" as used throughout this specification means "serving as an example, instance, or illustration" and does not imply that it is "preferred" or "advantageous" over other embodiments. Detailed descriptions are included for the purpose of providing an understanding of the described techniques. However, these techniques may be practiced without these detailed descriptions. In some instances, well-known structures and apparatuses are shown in block diagram form to avoid obscuring the concepts of the described embodiments.

[0206] The optional embodiments of the present specification have been described in detail above with reference to the accompanying drawings. However, the embodiments of the present specification are not limited to the specific details in the above embodiments. Within the scope of the technical concept of the embodiments of the present specification, various simple modifications can be made to the technical solutions of the embodiments of the present specification, and these simple modifications all fall within the protection scope of the embodiments of the present specification.

[0207] The foregoing description of this specification is provided to enable any person skilled in the art to implement or use the content of this specification. Various modifications to the content of this specification will be apparent to those skilled in the art, and the general principles defined herein can be applied to other variations without departing from the scope of protection of this specification. Therefore, this specification is not limited to the examples and designs described herein, but is consistent with the widest scope of the principles and novel features disclosed herein.

Claims

1. A method for privacy-preserving intersection, wherein, The method is executed by the data source provider, which possesses source identifiers corresponding to each piece of data. The method includes: Multiple source identifiers are hashed using multiple preset hash functions to obtain multiple hash values. Each hash value is obtained by hashing one source identifier using one of the hash functions, and the multiple hash values ​​corresponding to each source identifier are calculated by each of the hash functions. Each hash value is mapped to a corresponding element in a binary array containing a preset number of elements to obtain a mapped binary array. The initial value of each element in the binary array is a first value, and the corresponding element mapped to each hash value is set to a second value. The mapped binary array is sent as a filter to the querying party, enabling the querying party to perform hash calculations on the query identifier using the multiple hash functions to obtain multiple corresponding query hash values. These multiple query hash values ​​are then mapped to the filter. If the first value exists in the corresponding element mapped to each query hash value, it is determined that the data source does not contain data matching the query identifier, thus eliminating the need for subsequent privacy intersection operations. In this process, the source identifiers corresponding to each piece of data owned by the data source provider are used to generate corresponding ciphertexts using the data source provider's data source key and a commutative encryption algorithm. The generated ciphertexts are then distributed into a specified number of buckets according to a data bucketing method, with each bucket corresponding to a bucket number. The method further includes: When the querying party determines that the corresponding element mapped to each of the query hash values ​​in the filter is the second value, it obtains the first ciphertext of the query identifier corresponding to the query identifier sent by the querying party and the query bucket number obtained according to the data bucketing method based on the hash value of the query identifier corresponding to the query identifier. The first ciphertext of the query identifier is obtained by the querying party encrypting the query identifier once using its own querying key according to the encryption algorithm. Using the data source key, the ciphertext of the identifier to be queried is encrypted twice according to the encryption algorithm to obtain the corresponding ciphertext of the identifier to be queried. Based on the bucket number to be queried, obtain the source identifier ciphertext from the corresponding bucket; and The secondary ciphertext of the identifier to be queried and the primary ciphertext of the obtained source identifier are sent to the querying party, so that the querying party can use the querying party key to perform secondary encryption on the primary ciphertext of the source identifier according to the encryption algorithm to obtain the corresponding secondary ciphertext of the source identifier, and determine the intersection query result based on the secondary ciphertext of the identifier to be queried and the secondary ciphertext of the source identifier.

2. The method as described in claim 1, wherein, Each hash value is mapped to a corresponding element in a binary array containing a preset number of elements, resulting in a mapped binary array comprising: The remainder of each hash value obtained is calculated relative to the preset number; and The remainder values ​​corresponding to each hash value are mapped to the corresponding elements in the binary array to obtain the mapped binary array. The querying party calculates the remainder values ​​of the plurality of hash values ​​to be queried relative to the preset number, and maps each of the obtained remainder values ​​to the filter to determine the value of each mapped element.

3. The method as described in claim 1, wherein, The ciphertext of the query identifier sent by the querying party and the query bucket number obtained according to the hash value of the query identifier and the data bucketing method include: The querying party receives the encrypted text of the identifier to be queried corresponding to the identifier to be queried and the bucket number to be queried, wherein the bucket number to be queried is obtained by the querying party processing the hash value of the identifier to be queried corresponding to the identifier to be queried according to the data bucketing method.

4. The method of claim 1, wherein, The ciphertext of the query identifier sent by the querying party and the query bucket number obtained according to the hash value of the query identifier and the data bucketing method include: The querying party receives the hash value of the query identifier corresponding to the query identifier and a ciphertext of the query identifier; and The hash value of the identifier to be queried is processed according to the data bucketing method to obtain the corresponding bucket number to be queried.

5. The method as described in any one of claims 1 to 4, wherein, The querying party is in the online stage when it determines, using the filter, that the data source does not have data matching the identifier to be queried. After the querying party determines that the corresponding elements mapped to each of the hash values ​​to be queried in the filter are all the second values, the data source and the querying party are in the online stage when they interact to perform the privacy intersection operation.

6. The method of claim 1, further comprising: Using the data source key, each source identifier is encrypted once according to the encryption algorithm to obtain the ciphertext of the source identifier corresponding to each source identifier; as well as The obtained source identifier is distributed into the multiple buckets in one go according to the data bucketing method.

7. The method of claim 6, wherein, The process of distributing the obtained source identifier ciphertext to the multiple buckets in one go according to the data bucketing method includes: A hash algorithm is used to calculate the source identifier hash value corresponding to each source identifier; and Based on the obtained source identifier hash value and the specified quantity, each source identifier is distributed into each bucket in one ciphertext.

8. The method of claim 6, further comprising: After the ciphertext of each source identifier is allocated, if the number of ciphertexts allocated to each bucket is inconsistent, the buckets with fewer ciphertexts allocated to each source identifier are padded with data to make the number of ciphertexts allocated to each bucket consistent.

9. The method as described in any one of claims 6 to 8, wherein, The data source performs a data bucketing operation on each source identifier's encrypted data during the offline phase.

10. A method for privacy-preserving intersection, wherein, The method is executed by the querying party. The data source party possesses source identifiers corresponding to various data. The data source party uses multiple preset hash functions to perform hash calculations on each source identifier to obtain multiple hash values. The multiple hash values ​​corresponding to each source identifier are then mapped to corresponding elements in a binary array containing a preset number of elements to obtain a mapped binary array that serves as a filter. The initial value of each element in the binary array is a first value, and the corresponding element mapped to each hash value is set to a second value. The method includes: Receive the filter from the data source; The multiple hash functions are used to perform hash calculations on the identifier to be queried in order to obtain multiple corresponding hash values ​​to be queried; The plurality of hash values ​​to be queried are mapped to the filter to determine the value of the corresponding element mapped to each hash value; and If the first value exists in the corresponding element mapped to the hash value to be queried, it is determined that the data source does not contain data matching the identifier to be queried, and no further privacy intersection operation is required. In this process, each source identifier owned by the data source provider is used to generate a corresponding ciphertext using the data source provider's data source key and a commutative encryption algorithm. The generated ciphertexts are then distributed into a specified number of buckets according to a data bucketing method, with each bucket having a corresponding bucket number. The method further includes: When it is determined that the corresponding element mapped to each of the hash values ​​to be queried in the filter is the second value, the query identifier is encrypted once using the query key according to the encryption algorithm to obtain the corresponding ciphertext of the query identifier; The ciphertext of the identifier to be queried and the corresponding bucket number to be queried are sent to the data source, so that the data source can obtain the corresponding secondary ciphertext of the identifier to be queried based on the ciphertext of the identifier to be queried and obtain the primary ciphertext of the source identifier in the corresponding bucket based on the bucket number. The bucket number to be queried is obtained according to the hash value of the identifier to be queried based on the data bucketing method. The secondary ciphertext of the identifier to be queried is obtained by the data source using the data source key to encrypt the primary ciphertext of the identifier to be queried twice according to the encryption algorithm. Receive the secondary ciphertext of the identifier to be queried and the primary ciphertext of the source identifier obtained from the corresponding bucket from the data source. Using the query key, the received source identifier primary ciphertext is encrypted a second time according to the encryption algorithm to obtain the corresponding source identifier secondary ciphertext; and The intersection query result for the target identifier is determined based on the secondary ciphertext of the identifier to be queried and the secondary ciphertext of the source identifier.

11. The method of claim 10, wherein, When mapping hash values, the data source calculates the remainder of each hash value relative to the preset number; and maps the remainder of each hash value to the corresponding element in the binary array to obtain the mapped binary array. Mapping the plurality of hash values ​​to be queried to the filter, and determining the value of the corresponding element mapped to each hash value to be queried, includes: Calculate the remainder of each hash value to be queried relative to the preset number; and The remainder values ​​corresponding to each hash value to be queried are mapped to the corresponding elements in the filter to determine the value of the corresponding element mapped to each hash value to be queried.

12. The method of claim 10, wherein, When the querying party sends the bucket number to be queried to the data source, the method further includes, before sending the bucket number to be queried: The hash value of the identifier to be queried is processed according to the data bucketing method to obtain the bucket number corresponding to the identifier to be queried.

13. The method of claim 10, wherein, The intersection query result for the target identifier is determined based on the secondary ciphertext of the identifier to be queried and the secondary ciphertext of the source identifier, including: If a source identifier secondary ciphertext exists in the source identifier secondary ciphertext that is identical to the query identifier secondary ciphertext, it is determined that the data source contains data that matches the query identifier. When the secondary ciphertext of the source identifier is different from the secondary ciphertext of the identifier to be queried, it is determined that the data source does not have data matching the identifier to be queried.

14. The method as described in any one of claims 10 to 13, wherein, The data source and the querying party are online when they interact to perform a privacy-preserving intersection operation.

15. A method for privacy-preserving intersection, wherein, The method includes: (1) Source identifiers corresponding to each piece of data owned by the data source provider; (2) Source identifiers corresponding to each piece of data owned by the data source provider; (3) Source identifiers corresponding to each piece of data owned by the data source provider. The data source uses multiple preset hash functions to perform hash calculations on each source identifier to obtain multiple hash values. Each hash value is obtained by performing hash calculations on one source identifier using one of the hash functions, and the multiple hash values ​​corresponding to each source identifier are calculated by each of the hash functions. The data source maps each obtained hash value to a corresponding element in a binary array containing a preset number of elements to obtain a mapped binary array. The initial value of each element in the binary array is a first value, and the corresponding element mapped to each hash value is set to a second value. The data source sends the mapped binary array as a filter to the querying party; The querying party receives the filter from the data source party; The querying party uses the multiple hash functions to perform hash calculations on the identifier to be queried in order to obtain the corresponding multiple hash values ​​to be queried; The querying party maps the plurality of hash values ​​to be queried to the filter to determine the value of the corresponding element mapped to each hash value; and When the querying party finds that the first value exists in the corresponding element mapped to the hash value to be queried, it determines that the data source does not have data matching the identifier to be queried, and therefore does not need to perform subsequent privacy intersection operations. In this process, each source identifier owned by the data source provider is used to generate a corresponding ciphertext using the data source provider's data source key and a commutative encryption algorithm. The generated ciphertexts are then distributed into a specified number of buckets according to a data bucketing method, with each bucket having a corresponding bucket number. The method further includes: When the querying party determines that the corresponding element mapped to each of the hash values ​​to be queried in the filter is the second value, it uses its own querying party key to encrypt the identifier to be queried once according to the encryption algorithm to obtain the corresponding ciphertext of the identifier to be queried. The querying party sends the encrypted text of the identifier to be queried and the corresponding bucket number to be queried to the data source party, wherein the bucket number to be queried is obtained according to the hash value of the identifier to be queried according to the data bucketing method; The data source receives the bucket number to be queried and the encrypted identifier sent by the querying party. The data source provider uses the data source key to perform secondary encryption on the ciphertext of the identifier to be queried according to the encryption algorithm, so as to obtain the corresponding secondary ciphertext of the identifier to be queried. The data source party obtains the source identifier encrypted once from the corresponding bucket based on the bucket number to be queried. The data source sends the secondary ciphertext of the identifier to be queried and the primary ciphertext of the obtained source identifier to the querying party; The querying party uses its key to perform secondary encryption on the received source identifier ciphertext according to the encryption algorithm, to obtain the corresponding source identifier secondary ciphertext; and The querying party determines the intersection query result for the target identifier based on the secondary ciphertext of the identifier to be queried and the secondary ciphertext of the source identifier.

16. An apparatus for privacy-preserving intersection, applied to a data source, wherein the data source possesses source identifiers corresponding to each piece of data. The device includes: The hash calculation unit uses multiple preset hash functions to perform hash calculations on each source identifier to obtain multiple hash values. Each hash value is obtained by performing hash calculations on one source identifier using one of the hash functions, and the multiple hash values ​​corresponding to each source identifier are calculated by each of the hash functions. The hash value mapping unit maps each obtained hash value to a corresponding element in a binary array containing a preset number of elements to obtain a mapped binary array. The initial value of each element in the binary array is a first value, and the corresponding element mapped to each hash value is set to a second value. The filter sending unit sends the mapped binary array as a filter to the querying party, so that the querying party uses the multiple hash functions to perform hash calculations on the query identifier to obtain multiple corresponding query hash values, and maps the multiple query hash values ​​to the filter. When the first value exists in the corresponding element mapped to each query hash value, it is determined that the data source does not have data matching the query identifier, and no subsequent privacy intersection operation is required. In this process, each source identifier owned by the data source provider is used to generate a corresponding ciphertext using the data source provider's data source key and a commutative encryption algorithm. The generated ciphertexts are then distributed into a specified number of buckets according to a data bucketing method, with each bucket having a corresponding bucket number. The device further includes: The obtaining unit, when the querying party determines that the corresponding elements mapped to each query hash value in the filter are all the second values, obtains the first ciphertext of the query identifier corresponding to the query identifier sent by the querying party and the query bucket number obtained according to the data bucketing method based on the query identifier hash value corresponding to the query identifier. The first ciphertext of the query identifier is obtained by the querying party encrypting the query identifier once using its own querying key according to the encryption algorithm. The encryption unit uses the data source key to perform secondary encryption on the ciphertext of the identifier to be queried according to the encryption algorithm, so as to obtain the corresponding secondary ciphertext of the identifier to be queried. The ciphertext acquisition unit retrieves the source identifier ciphertext from the corresponding bucket based on the bucket number to be queried; and The ciphertext sending unit sends the secondary ciphertext of the identifier to be queried and the primary ciphertext of the source identifier obtained to the querying party, so that the querying party can use the querying party key to perform secondary encryption on the primary ciphertext of the source identifier according to the encryption algorithm to obtain the corresponding secondary ciphertext of the source identifier, and determine the intersection query result based on the secondary ciphertext of the identifier to be queried and the secondary ciphertext of the source identifier.

17. An apparatus for privacy-preserving intersection, applied to a querying party and a data source party, wherein the data source party uses multiple preset hash functions to perform hash calculations on each source identifier to obtain multiple hash values, and maps the multiple hash values ​​corresponding to each source identifier to corresponding elements in a binary array containing a preset number of elements to obtain a mapped binary array as a filter, wherein... The initial value of each element in the binary array is a first value, and the corresponding element mapped to each hash value is set to a second value. The device includes: A filter receiving unit receives the filter from the data source. The hash calculation unit uses the multiple hash functions to perform hash calculations on the identifier to be queried in order to obtain the corresponding multiple hash values ​​to be queried; A hash value mapping unit maps the plurality of hash values ​​to be queried to the filter to determine the value of the corresponding element mapped to each hash value to be queried; and The intersection result determination unit determines that if the first value exists in the corresponding element mapped to the hash value to be queried, the data source does not contain data matching the identifier to be queried, and no further privacy intersection operation is required. In this process, each source identifier owned by the data source provider is used to generate a corresponding ciphertext using the data source provider's data source key and a commutative encryption algorithm. The generated ciphertexts are then distributed into a specified number of buckets according to a data bucketing method, with each bucket having a corresponding bucket number. The device further includes: The encryption unit, when it is determined that the corresponding element mapped to each of the hash values ​​to be queried in the filter is the second value, uses the query key to encrypt the identifier to be queried once according to the encryption algorithm to obtain the corresponding ciphertext of the identifier to be queried once; The sending unit sends the primary ciphertext of the identifier to be queried and the corresponding bucket number to be queried to the data source, so that the data source can obtain the secondary ciphertext of the identifier to be queried based on the primary ciphertext of the identifier to be queried and obtain the primary ciphertext of the source identifier in the corresponding bucket based on the bucket number. The bucket number to be queried is obtained according to the hash value of the identifier to be queried based on the data bucketing method. The secondary ciphertext of the identifier to be queried is obtained by the data source using the data source key to encrypt the primary ciphertext of the identifier to be queried twice according to the encryption algorithm. The receiving unit receives the secondary ciphertext of the identifier to be queried and the primary ciphertext of the source identifier obtained from the corresponding bucket from the data source. The secondary encryption unit uses the query key to perform secondary encryption on the received primary ciphertext of the source identifier according to the encryption algorithm, so as to obtain the corresponding secondary ciphertext of the source identifier; and The query result determination unit determines the intersection query result for the target identifier based on the secondary ciphertext of the identifier to be queried and the secondary ciphertext of the source identifier.

18. An electronic device comprising: At least one processor, a memory coupled to the at least one processor, and a computer program stored on the memory, wherein the at least one processor executes the computer program to implement the method as described in any one of claims 1-14.

19. A computer-readable storage medium storing a computer program that, when executed by a processor, implements the method as described in any one of claims 1-14.

20. A computer program product comprising a computer program that, when executed by a processor, implements the method as described in any one of claims 1-14.