Third party assisted set intersection method, apparatus and storage medium
By generating a secure auxiliary code dataset with the assistance of a third party, the problem of finding intersections of privacy-preserving sets when the participants lack a common identifier is solved, thus realizing the intersection of sets in the absence of a common identifier.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents (China)
- Current Assignee / Owner
- CHINA TELECOM CORP LTD
- Filing Date
- 2023-05-05
- Publication Date
- 2026-06-23
AI Technical Summary
In existing technologies, privacy-preserving set intersection (PSI) cannot be directly performed when participating parties lack a shared identifier.
A third auxiliary party is introduced. It determines the identifiers it shares with each participant and generates a secure auxiliary code dataset from them. It then interacts with the participants and returns the auxiliary code datasets, allowing the participants to use these datasets to perform set intersection and obtain a shared set.
Even when the participants do not share a common identifier, a common set can still be determined, thus realizing the feasibility and security of privacy-preserving set intersection.
Figure CN116522392B_ABST
Description
Technical Field
[0001] This disclosure relates to the field of computer technology, and in particular to a method, device and storage medium for finding the intersection of sets based on third-party assistance.
Background Technology
[0002] Privacy-preserving set intersection (PSI) allows multiple parties holding their own sets to jointly compute the intersection of their sets. At the end of the computation, each participating party only obtains the correct intersection and does not obtain any information from the other party's set outside the intersection.
[0003] There are many common methods for secure set intersection, but in current business scenarios there may be situations where two parties lack a common identifier and cannot directly perform PSI.
[0004] It should be noted that the information disclosed in the background section above is only used to enhance the understanding of the background of this disclosure, and therefore may include information that does not constitute prior art known to those skilled in the art.
Summary of the Invention
[0005] This disclosure provides a third-party-assisted set intersection method, electronic device, and storage medium that can perform intersection and determine the common set when the participants lack a common identifier.
[0006] Other features and advantages of this disclosure will become apparent from the following detailed description, or may be learned in part from practice of this disclosure.
[0007] In a first aspect, embodiments of this disclosure provide a set intersection method based on third-party assistance, applied to a third assisting party, the method comprising:
[0008] Determine a first identifier shared with a first participant and a second identifier shared with a second participant; wherein the first participant and the second participant are participants whose shared set needs to be determined and whose set intersection needs to be calculated.
[0009] Generate a security auxiliary code dataset based on the first identifier and the second identifier;
[0010] Receive a first request from the first participant to query the security auxiliary code corresponding to the first identifier through a covert query protocol, and return a first auxiliary code dataset generated based on the first identifier to the first participant;
[0011] Receive a second request from the second participant to query the security auxiliary code dataset through a covert query protocol, and return a second auxiliary code dataset generated based on the second identifier to the second participant, so that the first participant can use the first auxiliary code dataset and the second participant can use the second auxiliary code dataset to perform set intersection to obtain a common set of the first participant and the second participant.
[0012] In a second aspect, embodiments of this disclosure provide a set intersection method based on third-party assistance, applied to a first participant, the method comprising:
[0013] Determine the first identifier shared with the third-party auxiliary party;
[0014] A first request to query the security auxiliary code corresponding to the first identifier is sent to the third auxiliary party through a covert query protocol, and the first auxiliary code dataset returned by the third auxiliary party is received.
[0015] Using the first auxiliary code dataset, the intersection of the sets of the first and second participants is performed to obtain the common set of the first and second participants; wherein, the first and second participants are the participants whose common set needs to be determined and whose sets need to be intersected.
[0016] In a third aspect, when applied to a second participant, the method comprises:
[0017] Identify a second identifier shared with the third assisting party;
[0018] A second request to query the security auxiliary code corresponding to the second identifier is sent to the third auxiliary party through a covert query protocol, and the second auxiliary code dataset returned by the third auxiliary party is received.
[0019] Using the second auxiliary code dataset, perform set intersection with the first participant to obtain the common set of the first participant and the second participant; wherein, the first participant and the second participant are the participants for which the common set needs to be determined and the set intersection needs to be performed.
[0020] In a fourth aspect, embodiments of this disclosure provide a third-party assisted set intersection apparatus, comprising:
[0021] The first determining unit is used to determine a first identifier shared with a first participant and a second identifier shared with a second participant; wherein the first participant and the second participant are participants for whom a shared set needs to be determined and a set intersection needs to be performed.
[0022] The generation unit is configured to generate a security auxiliary code dataset based on the first identifier and the second identifier;
[0023] The feedback unit is used to receive a first request from the first participant to query the security auxiliary code corresponding to the first identifier through a covert query protocol, and return a first auxiliary code dataset generated based on the first identifier to the first participant.
[0024] The feedback unit is further configured to receive a second request from the second participant to query the security auxiliary code dataset through a covert query protocol, and return a second auxiliary code dataset generated based on the second identifier to the second participant, so that the first participant can use the first auxiliary code dataset and the second participant can use the second auxiliary code dataset to perform set intersection to obtain a common set of the first participant and the second participant.
[0025] In a fifth aspect, embodiments of this disclosure provide a third-party assisted set intersection apparatus, comprising:
[0026] The second determining unit is used to determine the first identifier shared with the third auxiliary party;
[0027] The first receiving unit is configured to send a first request to the third auxiliary party to query the security auxiliary code corresponding to the first identifier through a covert query protocol, and to receive the first auxiliary code dataset returned by the third auxiliary party.
[0028] The first intersection unit is used to perform set intersection with the second participant using the first auxiliary code dataset to obtain a common set of the first participant and the second participant; wherein the first participant and the second participant are the participants for which the common set needs to be determined and set intersection needs to be performed.
[0029] In a sixth aspect, embodiments of this disclosure provide a third-party assisted set intersection apparatus, comprising:
[0030] The third determining unit is used to determine the second identifier shared with the third auxiliary party;
[0031] The second receiving unit is configured to send a second request to the third auxiliary party to query the security auxiliary code corresponding to the second identifier through a covert query protocol, and to receive the second auxiliary code dataset returned by the third auxiliary party.
[0032] The second intersection unit is used to perform set intersection with the first participant using the second auxiliary code dataset to obtain a common set of the first participant and the second participant; wherein the first participant and the second participant are the participants for which the common set needs to be determined and set intersection needs to be performed.
[0033] In a seventh aspect, embodiments of this disclosure provide an electronic device, including: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to perform the method described in the first aspect above by executing the executable instructions.
[0034] In an eighth aspect, embodiments of this disclosure provide a computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, implements the method described in the first aspect above.
[0035] In a ninth aspect, according to another aspect of this disclosure, a computer program product or computer program is also provided, the computer program product or computer program including computer instructions stored in a computer-readable storage medium. A processor of a computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, causing the computer device to perform the method described in any of the preceding claims.
[0036] The embodiments of this disclosure provide a third-party-assisted set intersection method, applied to a third assisting party. The third assisting party determines a first identifier shared with a first participant and a second identifier shared with a second participant. Based on the first and second identifiers, a security auxiliary code dataset is generated. This dataset interacts with both the first and second participants, returning the first auxiliary code dataset generated based on the first identifier to the first participant and the second auxiliary code dataset generated based on the second identifier to the second participant. This allows the first participant to use the first auxiliary code dataset and the second participant to use the second auxiliary code dataset to perform set intersection, obtaining a shared set between the first and second participants. This method allows the two participants to determine a shared set even when they do not share a common identifier.
[0037] It should be understood that the above general description and the following detailed description are exemplary and explanatory only, and are not intended to limit this disclosure.
Description of the Drawings
[0038] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with this disclosure and, together with the description, serve to explain the principles of this disclosure. It is obvious that the drawings described below are merely some embodiments of this disclosure, and those skilled in the art can obtain other drawings based on these drawings without any inventive effort.
[0039] Figure 1 shows a first flowchart of a set intersection method based on third-party assistance in an embodiment of this disclosure;
[0040] Figure 2 shows an example of how a first participant and a second participant interact after obtaining data with the assistance of a third party, according to an embodiment of this disclosure;
[0041] Figure 3 shows a second flowchart of a set intersection method based on third-party assistance in an embodiment of this disclosure;
[0042] Figure 4 shows a third flowchart of a set intersection method based on third-party assistance in an embodiment of this disclosure;
[0043] Figure 5 shows an interaction diagram of a third-party assisted set intersection method according to an embodiment of this disclosure;
[0044] Figure 6 shows a first structural schematic diagram of a set intersection device based on third-party assistance in an embodiment of this disclosure;
[0045] Figure 7 shows a second structural schematic diagram of a set intersection device based on third-party assistance in an embodiment of this disclosure;
[0046] Figure 8 shows a third structural schematic diagram of a set intersection device based on third-party assistance in an embodiment of this disclosure;
[0047] Figure 9 shows a schematic diagram of the structure of an electronic device according to an embodiment of this disclosure.
Detailed Implementation
[0048] Exemplary embodiments will now be described more fully with reference to the accompanying drawings. However, these exemplary embodiments can be implemented in many forms and should not be construed as limited to the examples set forth herein; rather, they are provided so that this disclosure will be more comprehensive and complete, and will fully convey the concept of the exemplary embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
[0049] Furthermore, the accompanying drawings are merely illustrative of this disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and therefore repeated descriptions of them will be omitted. Some block diagrams shown in the drawings are functional entities and do not necessarily correspond to physically or logically independent entities. These functional entities may be implemented in software, in one or more hardware modules or integrated circuits, or in different network and / or processor devices and / or microcontroller devices.
[0050] In current business scenarios, there may be situations where both parties lack a common identifier and therefore cannot directly perform PSI.
[0051] Therefore, this disclosure provides a set intersection method based on third-party assistance. This method is applied to a third assisting party and specifically includes: determining a first identifier shared with a first participant and a second identifier shared with a second participant; generating a security auxiliary code dataset based on the first and second identifiers; interacting with both the first and second participants; returning the first auxiliary code dataset generated based on the first identifier to the first participant; and returning the second auxiliary code dataset generated based on the second identifier to the second participant. This allows the first participant to use the first auxiliary code dataset and the second participant to use the second auxiliary code dataset to perform set intersection, obtaining a shared set between the first and second participants. Through this method, even when the participants in the two sets do not share a common identifier, the two participants can still determine a shared set.
[0052] The following detailed description of this exemplary implementation method is provided in conjunction with the accompanying drawings and embodiments.
[0053] First, this disclosure provides a set intersection method based on third-party assistance, which is applied to a third assisting party. This method can be executed by any electronic device with computing capabilities. In the following process, the electronic device is used as a server as an example.
[0054] Figure 1 shows a flowchart of a third-party assisted set intersection method according to an embodiment of this disclosure. As shown in Figure 1, the method includes the following steps:
[0055] S102: Determine a first identifier shared with the first participant, and determine a second identifier shared with the second participant.
[0056] In this context, the first and second participants are those who need to determine a shared set and perform set intersection. The third auxiliary party can be a party that assists the first and second participants in performing set intersection. This disclosure uses the example where the identifier data of the third auxiliary party completely covers the identifier data of the first and second participants.
[0057] In one possible embodiment, the third auxiliary party may negotiate with the first participant to determine a first identifier shared with the first participant. Furthermore, the third auxiliary party may also negotiate with the second participant to determine a second identifier shared with the second participant.
[0058] For example, the following explanation will be given with the first identifier being "passport number" and the second identifier being "ID card number".
[0059] S104: Generate a security auxiliary code dataset based on the first identifier and the second identifier.
[0060] In one possible embodiment, the third auxiliary party can, based on the first identifier and the second identifier, locate in a preset security auxiliary code database a security auxiliary code data table that includes the first identifier and the second identifier, and generate from that data table a security auxiliary code dataset that is unrelated to the first identifier and the second identifier.
[0061] The security auxiliary code dataset can be auxiliary data determined by a third auxiliary party through the first identifier of the first participant and the second identifier of the second participant, used to assist the first participant and the second participant in finding the intersection of sets.
[0062] It should be noted that there can be multiple first identifiers and second identifiers. The security auxiliary code dataset can include multiple security auxiliary code data, which are used to correspond to the identifiers of the first participant and the second participant.
[0063] For example, based on the shared identifier "passport number" negotiated with the first participant and the shared identifier "ID number" negotiated with the second participant, the third auxiliary party locates in its own preset security auxiliary code database the data table that has the corresponding fields for both identifiers, namely the security auxiliary code data table. It then generates a security auxiliary code that is not directly related to the corresponding fields of the two identifiers. By doing this for multiple identifiers, the security auxiliary code dataset can be determined.
[0064] Furthermore, the generation rule for the security auxiliary code can use a random value of at least 256 bits in length. Alternatively, the elliptic curve public key cryptography (ECC) algorithm SM2 can be used, with the primary key of the data record or a custom UUID (Universally Unique Identifier) value as the encryption key, to encrypt a salted random value. If the generated security auxiliary code is too long, such as more than 2048 bits, the commercial cryptographic hash algorithm SM3 can be used as the hash function.
[0065] Furthermore, a simple hash function applied to the combination of passport number and ID card number could also be used. However, this method may be cracked by participating parties through combinatorial reasoning. In this disclosure, to ensure the information security of the first and second identifiers and to prevent the data of the third auxiliary party from being compromised, data unique to the third auxiliary party can be introduced. For example, in scenarios where secondary verification is necessary and the information of the first and second identifiers must be included, a salt value can be randomly generated for each set of data (i.e., each row in the preset security auxiliary code database). The first identifier, the second identifier, and the random salt value are combined (e.g., by concatenating the strings in sequence), and a hash function is applied to the combination to generate a security auxiliary code. The generated salt value must not be fixed and must be at least as long as the hash function's return value. Because a salt value is added during generation, the security auxiliary code produced in this way can effectively resist dictionary attacks, brute-force attacks, lookup table methods, reverse lookup table methods, rainbow tables, etc., improving the security of the data interaction process.
[0066] In one possible implementation, the security auxiliary code uses a random value of at least 256 bits. The security auxiliary code is transmitted using the covert query protocol, which provides two-way privacy protection without requiring further security enhancements such as encryption.
[0067] Furthermore, after executing S104, the third auxiliary party can further process the security auxiliary code dataset and then execute S106. For example, based on the security auxiliary code dataset, a data column is obtained; the data column includes a first identifier, a second identifier, and a security auxiliary code, where the first identifier and the second identifier correspond to the same security auxiliary code. Based on the first identifier and the security auxiliary code in the data column, a first plaintext key-value pair is generated, and based on the second identifier and the security auxiliary code in the data column, a second plaintext key-value pair is generated.
[0068] For example, with $n$ being the identifier data volume of the third auxiliary party, the third auxiliary party generates security auxiliary codes, forming the data column $\{(p_i, q_i, v_i) \mid i \in [1,n]\}$, where $p_i$ denotes the passport number, $q_i$ denotes the ID number, and $v_i$ denotes the security auxiliary code.
[0069] They can be combined into the first plaintext key-value pairs $\{(p_1,v_1),\dots,(p_t,v_t),\dots,(p_n,v_n)\}$ and the second plaintext key-value pairs $\{(q_1,v_1),\dots,(q_s,v_s),\dots,(q_n,v_n)\}$, which are provided for the first and second participants to query covertly.
[0070] Generating these two sets of plaintext key-value pairs makes subsequent processing much simpler.
[0071] S106: Receive the first request from the first participant to query the security auxiliary code corresponding to the first identifier through the covert query protocol, and return the first auxiliary code dataset generated based on the first identifier to the first participant.
[0072] In one possible embodiment, after receiving a first request from the first participant to query the security auxiliary code corresponding to the first identifier through the covert query protocol, the third auxiliary party can select the security auxiliary code corresponding to the first identifier from the security auxiliary code dataset, encrypt it, obtain the first auxiliary code dataset, and return the first auxiliary code dataset to the first participant.
[0073] In another possible embodiment, the first request includes multiple requests to query security auxiliary codes, and the first auxiliary code dataset includes multiple first auxiliary code data.
[0074] The third auxiliary party can generate first plaintext key-value pairs based on the first identifier. For any request from the first participant to query a security auxiliary code through the covert query protocol, it obtains the first ciphertext vector in the first request; the first ciphertext vector is obtained by the first participant encrypting the first identifier with its encryption public key. Lagrange polynomial interpolation is performed on the first plaintext key-value pairs to generate a first query polynomial; substituting any first identifier into the first query polynomial yields the corresponding security auxiliary code. A first encryption polynomial is constructed from a first preset value, the first retrieval polynomial, and the first query polynomial; substituting any first identifier into the first retrieval polynomial yields 0. The first ciphertext vector is substituted into the first retrieval polynomial and evaluated under homomorphic encryption to determine the first homomorphic ciphertext corresponding to the first retrieval polynomial. The first ciphertext vector is likewise substituted into the first encryption polynomial and evaluated under homomorphic encryption to determine the second homomorphic ciphertext corresponding to the first encryption polynomial. The first and second homomorphic ciphertexts are used as the first auxiliary code dataset and sent to the first participant.
[0075] The following takes a passport number $p_t$ as an example of the first participant querying the third auxiliary party. The specific process is as follows:
[0076] For example, the first request may be generated as follows. The first participant first generates a homomorphic public-private key pair $(h_{PK}, h_{SK})$. For the "passport number" $p_t$ to be queried, it uses the encryption public key $h_{PK}$ to encrypt each power of $p_t$ separately, from the first power to the $n$-th power, forming the first ciphertext vector, and sends this vector together with the first participant's encryption public key $h_{PK}$ to the third auxiliary party.
[0077] Enc is a homomorphic encryption algorithm, which can be implemented using the Paillier algorithm to achieve multiplicative homomorphism and satisfy the homomorphic property.
[0078] The third auxiliary party performs Lagrange polynomial interpolation on the first plaintext key-value pairs $\{(p_1,v_1),\dots,(p_t,v_t),\dots,(p_n,v_n)\}$ to generate the first query polynomial $H(x)$.
[0079] The specific first query polynomial is as follows:
[0080] $H(x) = a_0 + a_1 x + a_2 x^2 + \dots + a_n x^n$
[0081] Substituting any first identifier into the first query polynomial yields the following result.
[0082] $H(p_1) = v_1,\ H(p_2) = v_2,\ \dots,\ H(p_n) = v_n$
[0083] Furthermore, a first retrieval polynomial $F(x)$ can be constructed based on the first plaintext key-value pairs. This first retrieval polynomial can be understood as a function of the first plaintext key-value pairs, where the first identifier is on the x-axis and the security auxiliary code corresponding to the first identifier is on the y-axis. The first retrieval polynomial can be constructed in this coordinate system, and a first participant identifier random number, i.e., the first preset value $r_p$, can be generated. This value can be a random value of length 64 or 128, and a prime number can be chosen as the first preset value. This value ensures that even if data is stolen during interaction between the first participant and the third auxiliary party, the party stealing the data cannot deduce the shared set between the first and second participants. This improves data security during the interaction process.
[0084] $F(x) = (x-p_1)(x-p_2)\cdots(x-p_n) = c_0 + c_1 x + c_2 x^2 + \dots + c_n x^n$
[0085] Substituting any first identifier into the first retrieval polynomial results in 0.
[0086] $F(p_1) = 0,\ F(p_2) = 0,\ \dots,\ F(p_n) = 0$
[0087] The first encryption polynomial $G(x)$ is constructed using the first preset value, the first retrieval polynomial, and the first query polynomial.
[0088] $G(x) = H(x) + r_p \cdot F(x)$
[0089] It can be seen that $G(x)$ and $H(x)$ have the same properties. For any first plaintext key-value pair $(p_i, v_i)$, $i \in [0,n]$, substituting $p_i$ into $G(x)$ or $H(x)$ yields the security auxiliary code corresponding to the first identifier. Substituting other data will result in a random number.
[0090] The third auxiliary party substitutes the received first ciphertext vector into $F(x)$ and $G(x)$, and calculates the first homomorphic ciphertext $Enc(F(p_t))$ and the second homomorphic ciphertext $Enc(G(p_t))$ respectively. The first homomorphic ciphertext and the second homomorphic ciphertext are sent as the first auxiliary code data to the first participant.
[0091] Furthermore, the above content pertains to a single query process. If the first identifier that the first participant wants to query is a set A, then the first participant needs to query the third auxiliary party |A| times. The combined request of |A| queries for the security auxiliary code constitutes the first request.
[0092] For each of the |A| queries, the third auxiliary party returns a first and a second homomorphic ciphertext; the first and second homomorphic ciphertexts returned by the third auxiliary party over the |A| queries can be used as the first auxiliary code dataset.
[0093] From the $F(p_t)$ and $G(p_t)$ received each time, the first participant calculates the corresponding first security auxiliary code set $V = \{v_i \mid i \in A\}$.
[0094] In one possible embodiment, the first participant uses its own encryption private key $h_{SK}$ to decrypt the first homomorphic ciphertext $Enc(F(p_t))$ and the second homomorphic ciphertext $Enc(G(p_t))$, obtaining $F(p_t)$ and $G(p_t)$. If $F(p_t) = 0$, the query was hit, and $G(p_t) = v_t$ is the search result, i.e., the security auxiliary code corresponding to the first identifier that was to be retrieved. If $F(p_t) \neq 0$, no data was found; the resulting $G(p_t)$ is a random value and the result is meaningless.
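Added example, not part of the patent text: a Python sketch of the covert query of paragraphs [0074] to [0094], run once for each participant, using textbook Paillier (multiplying two ciphertexts adds their plaintexts, and raising a ciphertext to a plaintext constant scales its plaintext), which is what evaluating F and G on the encrypted powers requires. The toy modulus, the 128-bit codes, the integer encoding of identifiers, the per-query r_p, the constructed identifiers, every function name, and the final plain intersection on codes that stands in for the participants' set intersection step are assumptions of this example.

```python
import secrets

# Toy Paillier primes (both Mersenne primes): NOT secure, fixed so the example runs offline.
P, Q = 2**61 - 1, 2**89 - 1

def keygen():
    n, phi = P * Q, (P - 1) * (Q - 1)
    return n, (phi, pow(phi, -1, n))           # public n (g = n + 1), private (phi, mu)

def enc(n, m):
    r = secrets.randbelow(n - 2) + 2
    return (1 + (m % n) * n) * pow(r, n, n * n) % (n * n)

def dec(n, sk, c):
    phi, mu = sk
    return (pow(c, phi, n * n) - 1) // n * mu % n

def to_int(ident):
    # Assumption: identifiers are byte-encoded integers of at most 7 bytes, so every
    # difference of two identifiers is nonzero, below P, and invertible modulo n.
    raw = ident.encode()
    if len(raw) > 7:
        raise ValueError("identifier too long for the toy modulus")
    return int.from_bytes(raw, "big")

def times_linear(poly, root, n):
    """Multiply poly (coefficients, lowest degree first) by (x - root) mod n."""
    out = [0] * (len(poly) + 1)
    for k, c in enumerate(poly):
        out[k] = (out[k] - root * c) % n
        out[k + 1] = (out[k + 1] + c) % n
    return out

def build_polys(table, n):
    """F vanishes on every key; H is the Lagrange interpolant with H(key) = code."""
    keys = [k for k, _ in table]
    F = [1]
    for k in keys:
        F = times_linear(F, k, n)
    H = [0] * len(keys)
    for i, (ki, vi) in enumerate(table):
        basis, denom = [1], 1
        for j, kj in enumerate(keys):
            if j != i:
                basis = times_linear(basis, kj, n)
                denom = denom * (ki - kj) % n
        scale = vi * pow(denom, -1, n) % n
        H = [(h + scale * b) % n for h, b in zip(H, basis)]
    return F, H

def make_query(n, ident, degree):
    """Participant: Enc(x^1), ..., Enc(x^degree) for the identifier x being looked up."""
    x = to_int(ident)
    return [enc(n, pow(x, k, n)) for k in range(1, degree + 1)]

def eval_encrypted(n, coeffs, enc_powers):
    """Enc(sum c_k x^k) = (1 + c_0 n) * prod Enc(x^k)^(c_k) mod n^2."""
    acc = (1 + coeffs[0] * n) % (n * n)
    for c, e in zip(coeffs[1:], enc_powers):
        acc = acc * pow(e, c, n * n) % (n * n)
    return acc

def answer(n, pairs, enc_powers):
    """Third auxiliary party: return (Enc(F(x)), Enc(G(x))) with G = H + r_p * F."""
    F, H = build_polys([(to_int(k), v) for k, v in pairs], n)
    r_p = secrets.randbits(128) | 1            # assumption: drawn fresh for each query
    G = [(h + r_p * f) % n for h, f in zip(H + [0], F)]
    return eval_encrypted(n, F, enc_powers), eval_encrypted(n, G, enc_powers)

def recover(n, sk, reply):
    """Participant: F(x) == 0 means a hit and G(x) is the code; otherwise G(x) is noise."""
    f, g = (dec(n, sk, c) for c in reply)
    return g if f == 0 else None

def fetch_codes(pairs, wanted):
    """Run one covert query per identifier; map each retrieved code to its identifier."""
    n, sk = keygen()
    codes = {}
    for ident in wanted:
        code = recover(n, sk, answer(n, pairs, make_query(n, ident, len(pairs))))
        if code is not None:
            codes[code] = ident
    return codes

# Constructed sample rows (passport number, ID number) held by the third auxiliary party.
CONSTRUCTED_IDS = [("PA1001", "ID7001"), ("PA1002", "ID7002"),
                   ("PA1003", "ID7003"), ("PA1004", "ID7004")]

def run_demo():
    # 128-bit codes fit the toy plaintext space; the page calls for at least 256 bits.
    rows = [(p, q, secrets.randbits(128)) for p, q in CONSTRUCTED_IDS]
    first = fetch_codes([(p, v) for p, _, v in rows], ["PA1001", "PA1003", "PA9999"])
    second = fetch_codes([(q, v) for _, q, v in rows], ["ID7003", "ID7004", "ID8888"])
    # Stand-in for the participants' PSI step: intersect on the codes themselves.
    return sorted((first[v], second[v]) for v in first.keys() & second.keys())

if __name__ == "__main__":
    print(run_demo())
```

The only row both constructed participants hold is the third one, so the demo links passport PA1003 to ID7003 although neither side ever sees the other's identifier type.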
[0095] S108: Receive a second request from the second participant to query the security auxiliary code dataset through the covert query protocol, and return a second auxiliary code dataset generated based on the second identifier to the second participant, so that the first participant can use the first auxiliary code dataset and the second participant can use the second auxiliary code dataset to perform set intersection to obtain a common set of the first participant and the second participant.
[0096] In one possible embodiment, after receiving a second request from the second participant to query the security auxiliary code corresponding to the second identifier through the covert query protocol, the third auxiliary party can select the security auxiliary code corresponding to the second identifier from the security auxiliary code dataset, encrypt it, obtain the second auxiliary code dataset, and return the second auxiliary code dataset to the second participant.
[0097] In another possible embodiment, the second request includes multiple requests to query security auxiliary codes, and the second auxiliary code dataset includes multiple pieces of second auxiliary code data.
[0098] The third auxiliary party can generate a second plaintext key-value pair based on the second identifier, and obtain the second ciphertext vector in the second request, wherein the second ciphertext vector is obtained by the second participant encrypting the second identifier based on the second participant's ciphertext public key. Lagrange polynomial interpolation is performed on the second plaintext key-value pair to generate a second query polynomial, wherein substituting any second identifier into the second query polynomial yields the security auxiliary code corresponding to that second identifier. A second encryption polynomial is constructed using the second preset value, the second retrieval polynomial, and the second query polynomial, wherein substituting any second identifier into the second retrieval polynomial results in 0. The second ciphertext vector is substituted into the second retrieval polynomial and homomorphically encrypted to determine the third homomorphic ciphertext corresponding to the second retrieval polynomial. The second ciphertext vector is substituted into the second encryption polynomial and homomorphically encrypted to determine the fourth homomorphic ciphertext corresponding to the second encryption polynomial. The third and fourth homomorphic ciphertexts are used as the second auxiliary code dataset and sent to the second participant.
[0099] For any request from the second participant to query a security auxiliary code through the covert query protocol, the second auxiliary code data generated based on the second identifier is returned to the second participant as follows:
[0100] Take as an example the "ID number" to be queried, denoted $q_s$. The second participant generates a homomorphic encryption public-private key pair $(h'_{PK}, h'_{SK})$. For the "ID number" $q_s$ to be queried, it uses the second participant's ciphertext public key $h'_{PK}$ to encrypt the 1st to the $n$th powers of $q_s$ separately, forming the second ciphertext vector, and sends this vector together with $h'_{PK}$ to the third auxiliary party.
[0101] For the second plaintext key-value pairs $\{(q_1,v_1),\ldots,(q_t,v_t),\ldots,(q_n,v_n)\}$, the third auxiliary party performs Lagrange polynomial interpolation to generate the second query polynomial $H'(x)$:
[0102] $H'(x)=b_0+b_1x+b_2x^2+\cdots+b_nx^n$
[0103] Substituting any second identifier into the second query polynomial yields the following result.
[0104] $H'(q_1)=v_1,\ H'(q_2)=v_2,\ \ldots,\ H'(q_n)=v_n$
[0105] A second search polynomial $F'(x)$ can be constructed from the first plaintext key-value pair. This second search polynomial can be understood as a function of the second plaintext key-value pair, where the second identifier is on the x-axis and the security auxiliary code corresponding to the second identifier is on the y-axis. Furthermore, the second search polynomial can be constructed within this coordinate system, and a random number representing the second participant identifier, i.e., the second preset value $r_q$, can be generated. This can be a random value of length 64 or 128. The second preset value serves a similar purpose to the first preset value, which will not be elaborated upon here. Furthermore, the first and second preset values can be selected with different values, which can further improve the security of data during the interaction process.
[0106] $F'(x)=(x-q_1)(x-q_2)\cdots(x-q_n)=d_0+d_1x+d_2x^2+\cdots+d_nx^n$
[0107] Substituting any second identifier into the first search polynomial results in 0.
[0108] $F'(q_1)=0,\ F'(q_2)=0,\ \ldots,\ F'(q_n)=0$
[0109] The second cryptographic polynomial $G'(x)$ is constructed using the second preset value, the second retrieval polynomial, and the second query polynomial.
[0110] $G'(x)=H'(x)+r_q\cdot F'(x)$
[0111] It can be seen that $G'(x)$ and $H'(x)$ have the same properties. For any second plaintext key-value pair $(q_i,v_i)$, $i\in[0,n]$, substituting $q_i$ into $G'(x)$ and $H'(x)$ gives the security auxiliary code corresponding to the second identifier.
[0112] The third auxiliary party substitutes the received second ciphertext vector into $F'(x)$ and $G'(x)$ and calculates the third homomorphic ciphertext $Enc(F(q_s))$ and the fourth homomorphic ciphertext $Enc(G(q_s))$ respectively. The third and fourth homomorphic ciphertexts are then sent as the second auxiliary code data to the second participant.
[0113] Furthermore, the above content pertains to a single query process. If the second identifier that the second participant wants to query is a set B, then the second participant needs to query the third auxiliary party |B| times. The combined request of |B| queries for the security auxiliary code constitutes the second request.
[0114] For each |A|th iteration, if the third auxiliary party returns the third and fourth homomorphic ciphertexts for the |B|th iteration, then the third and fourth homomorphic ciphertexts returned by the third auxiliary party for the |B|th iteration can be used as the second auxiliary code dataset.
[0115] From the $F'(q_s)$ and $G'(q_s)$ received each time, the second participant can calculate the corresponding second security auxiliary code set $V'=\{v_i \mid i\in B\}$.
[0116] In one possible embodiment, the second participant uses its own encryption private key $h'_{SK}$ to decrypt the third homomorphic ciphertext $Enc(F(q_s))$ and the fourth homomorphic ciphertext $Enc(G(q_s))$, obtaining $F(q_s)$ and $G(q_s)$. If $F(q_s)=0$, the query was hit, and $G(q_s)=v_s$ is the search result, specifically the security auxiliary code corresponding to the second identifier that the second participant wants to retrieve. If $F(q_s)\neq 0$, no data was found, and the resulting $G(q_s)$ is a random value with no meaning.
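The single query of paragraphs [0100] to [0116], as an added sketch that is not code from the patent. The page does not name its homomorphic scheme, so a toy Paillier instance stands in; the key primes, the SHA-256 identifier encoding, the sample table and all function names are assumptions made here.

```python
import hashlib
import secrets
from math import gcd

# Toy Paillier key from two Mersenne primes: deterministic for the demo, NOT secure.
P, Q = 2**107 - 1, 2**127 - 1

def keygen():
    """Second participant's key pair: public modulus n, private (lambda, mu)."""
    n = P * Q
    lam = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)
    return n, (lam, pow(lam, -1, n))

def enc(n, m):
    r = secrets.randbelow(n - 1) + 1
    return (1 + (m % n) * n) * pow(r, n, n * n) % (n * n)

def dec(n, sk, c):
    lam, mu = sk
    return (pow(c, lam, n * n) - 1) // n * mu % n

def to_int(ident, n):
    """Assumed encoding: identifier string -> element of Z_n via SHA-256."""
    return int.from_bytes(hashlib.sha256(ident.encode()).digest(), "big") % n

def poly_mul(a, b, n):
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % n
    return out

def retrieval_poly(keys, n):
    """F'(x) = (x - q_1)...(x - q_n), coefficients d_0..d_n (low to high)."""
    f = [1]
    for q in keys:
        f = poly_mul(f, [-q % n, 1], n)
    return f

def query_poly(pairs, n):
    """H'(x) by Lagrange interpolation, so that H'(q_i) = v_i (mod n)."""
    h = [0] * len(pairs)
    for i, (qi, vi) in enumerate(pairs):
        basis, denom = [1], 1
        for j, (qj, _) in enumerate(pairs):
            if j != i:
                basis = poly_mul(basis, [-qj % n, 1], n)
                denom = denom * (qi - qj) % n
        scale = vi * pow(denom, -1, n) % n
        for k, c in enumerate(basis):
            h[k] = (h[k] + scale * c) % n
    return h

def client_request(n, ident, degree):
    """Second ciphertext vector: Enc(q_s^1), ..., Enc(q_s^degree)."""
    q = to_int(ident, n)
    return [enc(n, pow(q, k, n)) for k in range(1, degree + 1)]

def eval_encrypted(coeffs, ct_powers, n):
    """Enc(c_0 + sum c_k * q_s^k), computed on ciphertexts only."""
    acc = enc(n, coeffs[0])
    for c, ct in zip(coeffs[1:], ct_powers):
        acc = acc * pow(ct, c, n * n) % (n * n)
    return acc

def server_answer(table, n, ct_powers):
    """Third auxiliary party: returns (Enc(F'(q_s)), Enc(G'(q_s)))."""
    pairs = [(to_int(ident, n), code) for ident, code in table.items()]
    f = retrieval_poly([q for q, _ in pairs], n)
    h = query_poly(pairs, n) + [0]                     # pad H' to the degree of F'
    r_q = secrets.randbits(128) | 1                    # second preset value, 128 bits
    g = [(hk + r_q * fk) % n for hk, fk in zip(h, f)]  # G' = H' + r_q * F'
    return eval_encrypted(f, ct_powers, n), eval_encrypted(g, ct_powers, n)

def client_decode(n, sk, ct_f, ct_g):
    """Hit when F'(q_s) == 0, and then G'(q_s) is the auxiliary code; else None."""
    if dec(n, sk, ct_f) != 0:
        return None
    return dec(n, sk, ct_g)

# Constructed sample table held by the third auxiliary party: ID number -> code.
TABLE = {"ID-0001": 7001, "ID-0002": 7002, "ID-0003": 7003}

def lookup(table, ident):
    """One full query: key generation, request, answer, decode."""
    n, sk = keygen()
    ct_powers = client_request(n, ident, len(table))
    return client_decode(n, sk, *server_answer(table, n, ct_powers))

if __name__ == "__main__":
    print(lookup(TABLE, "ID-0002"), lookup(TABLE, "ID-9999"))
```

On a miss, the decrypted F′(q_s) is the product of the differences between q_s and the stored identifiers rather than a blind value; the sketch returns it unmasked because that is what [0112] describes.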
[0117] In one possible embodiment, if the amount of data from the third-party assistant is relatively large, the following processing can be performed after the third-party assistant has determined the first plaintext key-value pair and the second plaintext key-value pair:
[0118] Offline preprocessing operation: for the first plaintext key-value pairs $\{(p_1,v_1),\ldots,(p_t,v_t),\ldots,(p_n,v_n)\}$ and $\{(q_1,v_1),\ldots,(q_s,v_s),\ldots,(q_n,v_n)\}$, preprocessing by hashing and taking the modulus can greatly improve the efficiency of online queries.
[0119] The above method effectively enables interaction between the first and second participants through a third-party assistant. This allows the first and second participants to determine the shared set even when they lack a common identifier and cannot perform set intersection calculations, all with the assistance of the third-party assistant. The third-party assistance method described in this disclosure can be embedded as a pre-process into any two- or multi-party privacy set intersection calculation process, exhibiting strong adaptability and versatility.
[0120] Furthermore, the scheme in this disclosure introduces a third auxiliary party, which can control the number of queries performed by the hidden query protocol, thereby achieving data controllability. For example, assuming the data volume of the first participant is n, the participant and the auxiliary party can agree in advance that the number of times any participant executes the hidden query protocol should not exceed O(n) times, where O(n) is a function of complexity, representing the time complexity of the algorithm. In this disclosure, it mainly represents the complexity of the data volume n.
[0121] It enables secure queries for multiple participants and has two-way privacy protection capabilities.
[0122] Furthermore, in this disclosure, when the identifier data of any participant is dynamically updated, assuming that the first participant updates n data entries, the first participant can complete the data update by performing a single hidden query with the third auxiliary party, resulting in low computational and transmission overhead for the update.
[0123] Furthermore, after the third auxiliary party sends the first auxiliary code dataset to the first participant and the second auxiliary code dataset to the second participant, the first participant can use the first auxiliary code dataset and the second participant can use the second auxiliary code dataset to find the intersection of the sets, thus obtaining the common set of the first participant and the second participant.
[0124] For example, the first participant can obtain $V=\{v_i \mid i\in A\}$ based on the first auxiliary code dataset, and the second participant can obtain $V'=\{v_i \mid i\in B\}$ based on the second auxiliary code dataset.
[0125] The specific interaction between the first and second participants can be as shown in Figure 2. Any participant can initiate a set intersection calculation, or both parties can request one. Figure 2 illustrates the process using the example of the first participant initiating a set intersection calculation with the second participant, and includes the following steps:
[0126] S202: The first participant generates a first key based on the first set of security auxiliary codes.
[0127] In one possible embodiment, the first participant can generate the first key $x$ according to $V=\{v_i \mid i\in A\}$.
[0128] S204: The second participant generates a second key based on the second set of security auxiliary codes.
[0129] In one possible embodiment, the second participant can generate the second key $y$ based on $V'=\{v_j \mid j\in B\}$.
[0130] S206: The first and second participants negotiate and determine the target hash function and the target large prime number.
[0131] In one possible embodiment, the first and second participants agree to use the same target hash function H and target large prime number p.
[0132] S208: The first participant performs hash processing on the first security auxiliary code set according to the target hash function, encrypts it with the first key, and obtains the first encrypted security auxiliary code set by taking the modulo value of the target large prime number.
[0133] In one possible embodiment, the first participant can determine a first set of cryptographic security auxiliary codes X, as follows:
[0134] $X=\{H(v_i)^x \bmod p \mid i\in A\}$
[0135] S210: The first participant sends the first set of cryptographic security auxiliary codes to the second participant.
[0136] S212: The second participant hashes the second security auxiliary code set according to the target hash function, encrypts it with the second key, and obtains the second encrypted security auxiliary code set by taking the modulo value of the target large prime number.
[0137] In one possible embodiment, the second participant can determine a second set of cryptographic security auxiliary codes Y, as follows:
[0138] $Y=\{H(v_j)^y \bmod p \mid j\in B\}$
[0139] S214: The second participant encrypts the first set of encryption security auxiliary codes using the second key to obtain the second target encryption set.
[0140] In one possible embodiment, the second target encryption set $X'$ is as follows:
[0141] $X'=\{(H(v_i)^x)^y \bmod p \mid i\in A\}$
[0142] S216: The second participant sends the second target encrypted set to the first participant.
[0143] S218: The first participant encrypts the second set of encryption security auxiliary codes using the first key to obtain the first target encryption set.
[0144] In one possible embodiment, the first target encryption set $Y'$ is as follows:
[0145] $Y'=\{(H(v_j)^y)^x \bmod p \mid j\in B\}$
[0146] S220: The first participant finds the intersection of the first target encryption set and the second target encryption set to obtain the common set of the first participant and the second participant.
[0147] In one possible embodiment, the first participant itself possesses the first target encryption set $Y'$, and the second participant calculates the second target encryption set $X'$ and sends it to the first participant. The first participant can then calculate the intersection of the first target encryption set $Y'$ and the second target encryption set $X'$. The final intersection result can be used to obtain the corresponding security auxiliary codes through the association relationship; that is, it can be regarded as the intersection $V\cap V'$ of the first security auxiliary code set and the second security auxiliary code set. Finally, the first identifier of the first participant can be determined from the security auxiliary code through the correspondence relationship. In this way the information shared with the second participant, that is, the shared set, is obtained, which can be user identification information.
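Steps S202 to S220 end to end, as an added example that is not part of the patent text. The random secret exponents, the toy prime, SHA-256 as the target hash function H, the constructed sample data and all function names are assumptions made here.

```python
import hashlib
import secrets
from math import gcd

# Toy "target large prime" p (a Mersenne prime); far too small for real use.
PRIME = 2**127 - 1

def hash_to_group(code):
    """Target hash function H: auxiliary code -> element of Z_p^* (assumed SHA-256)."""
    digest = hashlib.sha256(str(code).encode()).digest()
    return int.from_bytes(digest, "big") % (PRIME - 1) + 1

def new_key():
    """Secret exponent coprime to p-1, so that e -> e^k mod p is a bijection
    and two different codes can never collide after blinding."""
    while True:
        k = secrets.randbelow(PRIME - 3) + 2
        if gcd(k, PRIME - 1) == 1:
            return k

def blind(codes, key):
    """{H(v)^key mod p} for each code, order preserved."""
    return [pow(hash_to_group(v), key, PRIME) for v in codes]

def reblind(elements, key):
    """Raise already-blinded elements to a second key, order preserved."""
    return [pow(e, key, PRIME) for e in elements]

def intersect(a_codes, b_codes):
    """a_codes: first participant's identifier -> auxiliary code.
    b_codes: second participant's identifier -> auxiliary code.
    Returns the first participant's identifiers that fall in the common set."""
    x, y = new_key(), new_key()                      # S202, S204
    a_ids = list(a_codes)

    # First participant: X = {H(v_i)^x mod p}, sent to the second participant.
    X = blind([a_codes[i] for i in a_ids], x)        # S208, S210

    # Second participant: Y = {H(v_j)^y mod p}, shuffled so its order leaks nothing.
    Y = blind(list(b_codes.values()), y)             # S212
    secrets.SystemRandom().shuffle(Y)
    # X' keeps the order of X so the first participant can map hits back.
    X2 = reblind(X, y)                               # S214, S216

    # First participant: Y' = {(H(v_j)^y)^x mod p}, then intersect with X'.
    Y2 = set(reblind(Y, x))                          # S218
    return {ident for ident, e in zip(a_ids, X2) if e in Y2}   # S220

# Constructed sample data: the two participants hold different identifier types
# (phone number vs. ID number) and share only the auxiliary codes.
A_CODES = {"13800000001": 7001, "13800000002": 7002, "13800000003": 7003}
B_CODES = {"ID-0002": 7002, "ID-0003": 7003, "ID-0009": 7999}

if __name__ == "__main__":
    print(sorted(intersect(A_CODES, B_CODES)))
```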
[0148] Figure 3 shows a flowchart of a set intersection method based on third-party assistance, applied to the first participant, including the following steps:
[0149] S302: Determine the first identifier shared with the third-party assistant.
[0150] S304: Send a first request to the third auxiliary party to query the security auxiliary code corresponding to the first identifier through the covert query protocol, and receive the first auxiliary code dataset returned by the third auxiliary party.
[0151] S306: Using the first auxiliary code dataset, find the intersection of the sets of the first participant and the second participant to obtain the common set of the first participant and the second participant.
[0152] Among them, the first participant and the second participant are the participants who need to determine the common set and find the intersection of the sets.
[0153] Figure 4 shows a flowchart of a set intersection method based on third-party assistance, applied to a second participant, including the following steps:
[0154] S402: Determine a second identifier shared with the third-party assistant;
[0155] S402: Send a second request to the third auxiliary party to query the security auxiliary code corresponding to the second identifier through the covert query protocol, and receive the second auxiliary code dataset returned by the third auxiliary party.
[0156] S402: Using the second auxiliary code dataset, perform a set intersection with the first participant to obtain the common set of the first and second participants.
[0157] Among them, the first participant and the second participant are the participants who need to determine the common set and find the intersection of the sets.
[0158] Figure 5 shows an interaction diagram of a set intersection method based on third-party assistance, including a first participant, a second participant, and a third auxiliary party. Taking the case where the first participant initiates the set intersection as an example, the specific steps include:
[0159] S502: The first participating party and the third auxiliary party negotiate to determine a shared first identifier.
[0160] S504: The second participant and the third auxiliary party agree to determine a shared second identifier.
[0161] S506: The third-party assistant generates a security auxiliary code dataset based on the first identifier and the second identifier.
[0162] S508: The first participant sends a first request to the third assistant party to query the security auxiliary code corresponding to the first identifier through the concealed query protocol.
[0163] S510: The third auxiliary party returns to the first participant the first auxiliary code dataset generated based on the first identifier.
[0164] S512: The first participant determines the first set of cryptographic security auxiliary codes based on the first auxiliary code dataset.
[0165] S514: The first participant sends the first set of encrypted security auxiliary codes to the second participant.
[0166] S516: The second participant sends a second request to the third assistant party to query the security auxiliary code corresponding to the second identifier through a concealed query protocol.
[0167] S518: The third auxiliary party returns to the second participant the second auxiliary code dataset generated based on the second identifier.
[0168] S520: The second participant determines the second set of cryptographic security auxiliary codes based on the second auxiliary code dataset.
[0169] S522: The second participant processes the first set of encryption security auxiliary codes sent by the first participant to obtain the second target encryption set.
[0170] S524: The second participant sends the second set of cryptographic security auxiliary codes and the second target cryptographic set to the first participant.
[0171] S526: The first participant determines the first target encryption set based on the second encryption security auxiliary code set.
[0172] S528: The first participant performs a set intersection on the first target encryption set and the second target encryption set, and determines the shared set with the second participant based on the correspondence between the first identifier and the security auxiliary code.
[0173] Based on the same inventive concept, this disclosure also provides a third-party assisted set intersection device 60, as shown in the following embodiment. Since the principle of this device embodiment in solving the problem is similar to that of the above method embodiment, the implementation of this device embodiment can refer to the implementation of the above method embodiment, and repeated details will not be described again.
[0174] Figure 6 illustrates the structure of a third-party assisted set intersection device according to an embodiment of the present disclosure. As shown in Figure 6, it includes:
[0175] The first determining unit 601 is used to determine a first identifier shared with the first participant and a second identifier shared with the second participant; wherein the first participant and the second participant are participants who need to determine a shared set and perform set intersection. The generating unit 602 is used to generate a security auxiliary code dataset based on the first identifier and the second identifier. The feedback unit 603 is used to receive a first request from the first participant to query the security auxiliary code corresponding to the first identifier through a covert query protocol, and return the first auxiliary code dataset generated based on the first identifier to the first participant. The feedback unit 603 is also used to receive a second request from the second participant to query the security auxiliary code dataset through a covert query protocol, and return the second auxiliary code dataset generated based on the second identifier to the second participant, so that the first participant uses the first auxiliary code dataset and the second participant uses the second auxiliary code dataset to perform set intersection to obtain a shared set of the first participant and the second participant.
[0176] Based on the same inventive concept, this disclosure also provides a third-party assisted set intersection device 70. Figure 7 illustrates the structure of a third-party assisted set intersection device according to an embodiment of the present disclosure. As shown in Figure 7, it includes:
[0177] The second determining unit 701 is used to determine a first identifier shared with the third auxiliary party; the first receiving unit 702 is used to send a first request to the third auxiliary party to query the security auxiliary code corresponding to the first identifier through a concealed query protocol, and to receive the first auxiliary code dataset returned by the third auxiliary party; the first intersection unit 703 is used to perform a set intersection with the first auxiliary code dataset and the second participant to obtain a shared set of the first participant and the second participant; wherein, the first participant and the second participant are the participants that need to determine the shared set and perform set intersection.
[0178] Based on the same inventive concept, this disclosure also provides a third-party assisted set intersection device 80. Figure 8 illustrates the structure of a third-party assisted set intersection device according to an embodiment of the present disclosure. As shown in Figure 8, it includes:
[0179] The third determining unit 801 is used to determine the second identifier shared with the third auxiliary party; the second receiving unit 802 is used to send a second request to the third auxiliary party to query the security auxiliary code corresponding to the second identifier through a concealed query protocol, and to receive the second auxiliary code dataset returned by the third auxiliary party; the second intersection unit 803 is used to perform a set intersection with the first participant using the second auxiliary code dataset to obtain a shared set of the first participant and the second participant; wherein, the first participant and the second participant are the participants that need to determine the shared set and perform set intersection.
[0180] Those skilled in the art will understand that various aspects of this disclosure can be implemented as a system, method, or program product. Therefore, various aspects of this disclosure can be specifically implemented in the following forms: a completely hardware implementation, a completely software implementation (including firmware, microcode, etc.), or a combination of hardware and software aspects, collectively referred to herein as a "circuit," "module," or "system."
[0181] An electronic device 900 according to such an embodiment of the present disclosure is described below with reference to Figure 9. The electronic device 900 shown in Figure 9 is merely an example and should not impose any limitation on the functionality and scope of use of the embodiments disclosed herein.
[0182] As shown in Figure 9, the electronic device 900 is manifested in the form of a general-purpose computing device. The components of the electronic device 900 may include, but are not limited to: at least one processing unit 910, at least one storage unit 920, and a bus 930 connecting different system components (including the storage unit 920 and the processing unit 910).
[0183] The storage unit stores program code that can be executed by the processing unit 910, causing the processing unit 910 to perform the steps described in the "Exemplary Methods" section of this specification according to various exemplary embodiments of this disclosure. For example, the processing unit 910 can perform the steps of any of the above method embodiments.
[0184] Storage unit 920 may include readable media in the form of volatile storage units, such as random access memory (RAM) 9201 and/or cache memory 9202, and may further include read-only memory (ROM) 9203.
[0185] Storage unit 920 may also include a program/utility 9204 having a set of (at least one) program modules 9205, such program modules 9205 including but not limited to: an operating system, one or more application programs, other program modules and program data; each or some combination of these examples may include an implementation of a network environment.
[0186] Bus 930 can represent one or more of several types of bus structures, including a memory cell bus or memory cell controller, a peripheral bus, a graphics acceleration port, a processing unit, or a local bus using any of the various bus structures.
[0187] Electronic device 900 can also communicate with one or more external devices 940 (e.g., keyboard, pointing device, Bluetooth device, etc.), and with one or more devices that enable a user to interact with electronic device 900, and/or with any device that enables electronic device 900 to communicate with one or more other computing devices (e.g., router, modem, etc.). This communication can be performed via input/output (I/O) interface 950. Furthermore, electronic device 900 can also communicate with one or more networks (e.g., local area network (LAN), wide area network (WAN), and/or public networks, such as the Internet) via network adapter 960. As shown, network adapter 960 communicates with other modules of electronic device 900 via bus 930. It should be understood that, although not shown in the figures, other hardware and/or software modules can be used in conjunction with electronic device 900, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems.
[0188] From the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein can be implemented by software or by combining software with necessary hardware. Therefore, the technical solutions according to the embodiments of this disclosure can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (such as a CD-ROM, USB flash drive, external hard drive, etc.) or on a network, including several instructions to cause a computing device (such as a personal computer, server, terminal device, or network device, etc.) to execute the methods according to the embodiments of this disclosure.
[0189] Specifically, according to embodiments of this disclosure, the processes described above with reference to the flowcharts can be implemented as a computer program product or a computer program, which includes computer instructions stored in a computer-readable storage medium. A processor of a computer device reads the computer instructions from the computer-readable storage medium and executes the computer instructions, causing the computer device to perform the methods described above.
[0190] In exemplary embodiments of this disclosure, a computer-readable storage medium is also provided, which may be a readable signal medium or a readable storage medium. A program product capable of implementing the methods described above is stored thereon. In some possible implementations, various aspects of this disclosure may also be implemented as a program product including program code, which, when run on a terminal device, causes the terminal device to perform the steps described in the "Exemplary Methods" section of this specification according to various exemplary embodiments of this disclosure.
[0191] More specific examples of computer-readable storage media in this disclosure may include, but are not limited to: electrical connections having one or more wires, portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage devices, magnetic storage devices, or any suitable combination of the foregoing.
[0192] In this disclosure, a computer-readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, carrying readable program code. Such propagated data signals may take various forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination thereof. A readable signal medium may also be any readable medium other than a readable storage medium, capable of sending, propagating, or transmitting a program for use by or in connection with an instruction execution system, apparatus, or device.
[0193] Optionally, the program code contained on the computer-readable storage medium may be transmitted using any suitable medium, including but not limited to wireless, wired, optical fiber, RF, etc., or any suitable combination thereof.
[0194] In practical implementation, program code for performing the operations of this disclosure can be written in any combination of one or more programming languages, including object-oriented programming languages such as Java and C++, and conventional procedural programming languages such as C or similar languages. The program code can execute entirely on the user's computing device, partially on the user's device, as a standalone software package, partially on the user's computing device and partially on a remote computing device, or entirely on a remote computing device or server. In cases involving remote computing devices, the remote computing device can be connected to the user's computing device via any type of network, including a local area network (LAN) or a wide area network (WAN), or it can be connected to an external computing device (e.g., via the Internet using an Internet service provider).
[0195] It should be noted that although several modules or units for the device used to perform actions have been mentioned in the detailed description above, this division is not mandatory. In fact, according to embodiments of this disclosure, the features and functions of two or more modules or units described above can be embodied in one module or unit. Conversely, the features and functions of one module or unit described above can be further divided and embodied by multiple modules or units.
[0196] Furthermore, although the steps of the method in this disclosure are described in a specific order in the accompanying drawings, this does not require or imply that the steps must be performed in that specific order, or that all the steps shown must be performed to achieve the desired result. Additionally or alternatively, some steps may be omitted, multiple steps may be combined into one step, and/or a step may be broken down into multiple steps.
[0197] From the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein can be implemented by software or by combining software with necessary hardware. Therefore, the technical solutions according to the embodiments of this disclosure can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (such as a CD-ROM, USB flash drive, external hard drive, etc.) or on a network, including several instructions to cause a computing device (such as a personal computer, server, mobile terminal, or network device, etc.) to execute the methods according to the embodiments of this disclosure.
[0198] Other embodiments of this disclosure will readily occur to those skilled in the art upon consideration of the specification and practice of the invention disclosed herein. This disclosure is intended to cover any variations, uses, or adaptations of this disclosure that follow the general principles of this disclosure and include common knowledge or customary techniques in the art not disclosed herein. The specification and examples are to be considered exemplary only, and the true scope and spirit of this disclosure are indicated by the appended claims.
Claims
1. A set intersection method based on third-party assistance, characterized in that, applied to a third-party assisting party, the method includes:
Determine a first identifier shared with a first participant and a second identifier shared with a second participant; wherein the first participant and the second participant are participants whose shared set needs to be determined and whose set intersection needs to be calculated;
Generate a security auxiliary code dataset based on the first identifier and the second identifier;
Receive a first request from the first participant to query the security auxiliary code corresponding to the first identifier through a covert query protocol, and return a first auxiliary code dataset generated based on the first identifier to the first participant;
The system receives a second request from the second participant to query the security auxiliary code dataset through a hidden query protocol, and returns a second auxiliary code dataset generated based on the second identifier to the second participant, so that the first participant can use the first auxiliary code dataset and the second participant can use the second auxiliary code dataset to perform set intersection to obtain a common set of the first participant and the second participant.
Specifically, for any request from either the first or second participant to query the security auxiliary code dataset via the covert query protocol, the system returns either a first auxiliary code dataset or a second auxiliary code dataset generated based on the identifier to the first or second participant, including:
Obtain the ciphertext vector from the first or second request. The ciphertext vector is obtained by the participants encrypting the corresponding identifier using the ciphertext public key.
Perform Lagrange polynomial interpolation on the generated plaintext key-value pairs to generate a query polynomial;
An encryption polynomial is constructed using a preset value, a retrieval polynomial, and the query polynomial; wherein, substituting the identifier into the retrieval polynomial results in 0;
The ciphertext vector is substituted into the corresponding retrieval polynomial and the encryption polynomial, and homomorphic encryption is performed to determine the homomorphic ciphertext corresponding to the retrieval polynomial and the encryption polynomial.
The retrieval polynomial and the homomorphic ciphertext corresponding to the encryption polynomial are used as a first auxiliary code dataset or a second auxiliary code dataset, and sent to the first participant or the second participant respectively.
2. The set intersection method based on third-party assistance according to claim 1, characterized in that the step of generating a security auxiliary code dataset based on the first identifier and the second identifier includes:
determining, based on the first identifier and the second identifier, a security auxiliary code data table that includes the first identifier and the second identifier in a preset security auxiliary code database;
generating, from the security auxiliary code data table, a security auxiliary code dataset that is independent of the first identifier and the second identifier.
3. The set intersection method based on third-party assistance according to claim 1, characterized in that, after generating the security auxiliary code dataset based on the first identifier and the second identifier, the method further includes:
obtaining a data column based on the security auxiliary code dataset, wherein the data column includes a first identifier, a second identifier, and a security auxiliary code, and the first identifier, the second identifier, and the security auxiliary code correspond to one another;
generating a first plaintext key-value pair based on the first identifier and the security auxiliary code in the data column;
generating a second plaintext key-value pair based on the second identifier and the security auxiliary code in the data column.
4. The set intersection method based on third-party assistance according to claim 3, characterized in that the first request includes multiple requests to query security auxiliary codes, and the first auxiliary code dataset includes multiple pieces of first auxiliary code data;
the step of receiving a first request from the first participant to query, through a covert query protocol, the security auxiliary code corresponding to the first identifier, and returning to the first participant a first auxiliary code dataset generated based on the first identifier, includes, for any request from the first participant to query a security auxiliary code through the covert query protocol, returning the first auxiliary code data generated based on the first identifier to the first participant as follows:
obtaining the first ciphertext vector from the first request, wherein the first ciphertext vector is obtained by the first participant encrypting the first identifier with the first participant's ciphertext public key;
performing Lagrange polynomial interpolation on the first plaintext key-value pair to generate a first query polynomial, wherein substituting any first identifier into the first query polynomial yields the security auxiliary code corresponding to that first identifier;
constructing a first encryption polynomial from a first preset value, a first retrieval polynomial, and the first query polynomial, wherein substituting any first identifier into the first retrieval polynomial yields 0;
substituting the first ciphertext vector into the first retrieval polynomial and performing homomorphic encryption to determine the first homomorphic ciphertext corresponding to the first retrieval polynomial;
substituting the first ciphertext vector into the first encryption polynomial and performing homomorphic encryption to determine the second homomorphic ciphertext corresponding to the first encryption polynomial;
sending the first homomorphic ciphertext and the second homomorphic ciphertext to the first participant as the first auxiliary code data.
5. The set intersection method based on third-party assistance according to claim 3, characterized in that the second request includes multiple requests to query security auxiliary codes, and the second auxiliary code dataset includes multiple pieces of second auxiliary code data;
the step of receiving a second request from the second participant to query the security auxiliary code dataset through a covert query protocol, and returning to the second participant a second auxiliary code dataset generated based on the second identifier, includes, for any request from the second participant to query a security auxiliary code through the covert query protocol, returning the second auxiliary code data generated based on the second identifier to the second participant as follows:
obtaining the second ciphertext vector from the second request, wherein the second ciphertext vector is obtained by the second participant encrypting the second identifier with the second participant's ciphertext public key;
performing Lagrange polynomial interpolation on the second plaintext key-value pair to generate a second query polynomial, wherein substituting any second identifier into the second query polynomial yields the security auxiliary code corresponding to that second identifier;
constructing a second encryption polynomial from a second preset value, a second retrieval polynomial, and the second query polynomial, wherein substituting any second identifier into the second retrieval polynomial yields 0;
substituting the second ciphertext vector into the second retrieval polynomial and performing homomorphic encryption to determine the third homomorphic ciphertext corresponding to the second retrieval polynomial;
substituting the second ciphertext vector into the second encryption polynomial and performing homomorphic encryption to determine the fourth homomorphic ciphertext corresponding to the second encryption polynomial;
sending the third homomorphic ciphertext and the fourth homomorphic ciphertext to the second participant as the second auxiliary code data.
6. A set intersection method based on third-party assistance, characterized in that the method is applied to a first participant and includes:
determining a first identifier shared with a third-party assisting party;
sending to the third-party assisting party, through a covert query protocol, a first request to query the security auxiliary code corresponding to the first identifier, and receiving the first auxiliary code dataset returned by the third-party assisting party;
using the first auxiliary code dataset to perform set intersection with a second participant to obtain the common set of the first participant and the second participant, wherein the first participant and the second participant are the participants whose common set is to be determined by set intersection;
wherein any first auxiliary code dataset returned by the third-party assisting party is produced as follows: the third-party assisting party obtains the first ciphertext vector from the first request, the first ciphertext vector being obtained by the first participant encrypting the corresponding first identifier with the ciphertext public key; performs Lagrange polynomial interpolation on the generated first plaintext key-value pair to generate a first query polynomial; constructs a first encryption polynomial from a first preset value, a first retrieval polynomial, and the first query polynomial, wherein substituting the first identifier into the first retrieval polynomial yields 0; substitutes the first ciphertext vector into the corresponding first retrieval polynomial and first encryption polynomial and performs homomorphic encryption to determine the first homomorphic ciphertext and the second homomorphic ciphertext corresponding to the first retrieval polynomial and the first encryption polynomial; and uses the first homomorphic ciphertext and the second homomorphic ciphertext as the first auxiliary code dataset.
7. The set intersection method based on third-party assistance according to claim 6, characterized in that the step of sending to the third-party assisting party, through a covert query protocol, a first request to query the security auxiliary code corresponding to the first identifier, and receiving the first auxiliary code dataset returned by the third-party assisting party, includes:
generating a homomorphic public-private key pair for the first participant, wherein the key pair includes the first participant's ciphertext public key and ciphertext private key;
encrypting the first identifier with the first participant's ciphertext public key to obtain the first ciphertext vector;
sending to the third-party assisting party, through the covert query protocol, the first request to query the security auxiliary code corresponding to the first identifier, wherein the first request includes the first ciphertext vector and the first participant's ciphertext public key;
receiving the first auxiliary code dataset.
8. The set intersection method based on third-party assistance according to claim 6, characterized in that the step of using the first auxiliary code dataset to perform set intersection with the second participant to obtain the common set of the first participant and the second participant includes:
obtaining the first homomorphic ciphertext and the second homomorphic ciphertext from the first auxiliary code dataset, wherein the second homomorphic ciphertext is the ciphertext used to query the security auxiliary code corresponding to the first identifier, and the first homomorphic ciphertext is the ciphertext used to check whether the security auxiliary code corresponding to the first identifier, queried based on the second homomorphic ciphertext, is correct;
substituting the first identifier into the first homomorphic ciphertext and the second homomorphic ciphertext to obtain the first query result of the first homomorphic ciphertext when the retrieval result of the second homomorphic ciphertext is 0, and determining that the first query result is the first security auxiliary code set corresponding to the first identifier;
generating a first key based on the first security auxiliary code set;
hashing the first security auxiliary code set with the target hash function, encrypting the result with the first key, and reducing it modulo the target large prime number to obtain the first encrypted security auxiliary code set;
sending the first encrypted security auxiliary code set to the second participant;
receiving a second encrypted security auxiliary code set sent by the second participant, wherein the second encrypted security auxiliary code set is obtained by the second participant hashing the second security auxiliary code set, obtained from the third-party assisting party, with the target hash function, encrypting the result with the second key, and reducing it modulo the target large prime number;
encrypting the second encrypted security auxiliary code set with the first key to obtain the first target encrypted set, and sending the first target encrypted set to the second participant;
receiving the second target encrypted set sent by the second participant;
performing set intersection between the first target encrypted set and the second target encrypted set to obtain the common set of the first participant and the second participant.
9. A set intersection method based on third-party assistance, characterized in that the method is applied to a second participant and includes:
determining a second identifier shared with a third-party assisting party;
sending to the third-party assisting party, through a covert query protocol, a second request to query the security auxiliary code corresponding to the second identifier, and receiving the second auxiliary code dataset returned by the third-party assisting party;
using the second auxiliary code dataset to perform set intersection with a first participant to obtain the common set of the first participant and the second participant, wherein the first participant and the second participant are the participants whose common set is to be determined by set intersection;
wherein any second auxiliary code dataset returned by the third-party assisting party is produced as follows: the third-party assisting party obtains the second ciphertext vector from the second request, the second ciphertext vector being obtained by the second participant encrypting the corresponding second identifier with the ciphertext public key; performs Lagrange polynomial interpolation on the generated second plaintext key-value pair to generate a second query polynomial; constructs a second encryption polynomial from a second preset value, a second retrieval polynomial, and the second query polynomial, wherein substituting the second identifier into the second retrieval polynomial yields 0; substitutes the second ciphertext vector into the corresponding second retrieval polynomial and second encryption polynomial and performs homomorphic encryption to determine the third homomorphic ciphertext and the fourth homomorphic ciphertext corresponding to the second retrieval polynomial and the second encryption polynomial; and uses the third homomorphic ciphertext and the fourth homomorphic ciphertext as the second auxiliary code dataset.
10. The set intersection method based on third-party assistance according to claim 9, characterized in that the step of sending to the third-party assisting party, through a covert query protocol, a second request to query the security auxiliary code corresponding to the second identifier, and receiving the second auxiliary code dataset returned by the third-party assisting party, includes:
generating a homomorphic public-private key pair for the second participant, wherein the key pair includes the second participant's ciphertext public key and ciphertext private key;
encrypting the second identifier with the second participant's ciphertext public key to obtain the second ciphertext vector;
sending to the third-party assisting party, through the covert query protocol, the second request to query the security auxiliary code corresponding to the second identifier, wherein the second request includes the second ciphertext vector and the second participant's ciphertext public key;
receiving the second auxiliary code dataset.
11. The set intersection method based on third-party assistance according to claim 9, characterized in that the step of using the second auxiliary code dataset to perform set intersection with the first participant to obtain the common set of the first participant and the second participant includes:
obtaining the third homomorphic ciphertext and the fourth homomorphic ciphertext from the second auxiliary code dataset, wherein the fourth homomorphic ciphertext is used to query the security auxiliary code corresponding to the second identifier, and the third homomorphic ciphertext is used to check whether the security auxiliary code corresponding to the second identifier, queried based on the fourth homomorphic ciphertext, is correct;
substituting the second identifier into the third homomorphic ciphertext and the fourth homomorphic ciphertext to obtain the second query result of the third homomorphic ciphertext when the retrieval result of the fourth homomorphic ciphertext is 0, and determining that the second query result is the second security auxiliary code set corresponding to the second identifier;
generating a second key based on the second security auxiliary code set;
hashing the second security auxiliary code set with the target hash function, encrypting the result with the second key, and reducing it modulo the target large prime number to obtain the second encrypted security auxiliary code set;
receiving a first encrypted security auxiliary code set sent by the first participant, wherein the first encrypted security auxiliary code set is obtained by the first participant hashing the first security auxiliary code set, obtained from the third-party assisting party, with the target hash function, encrypting the result with the first key, and reducing it modulo the target large prime number;
encrypting the first encrypted security auxiliary code set with the second key to obtain the second target encrypted set, and sending the second target encrypted set to the first participant;
receiving the first target encrypted set sent by the first participant;
performing set intersection between the first target encrypted set and the second target encrypted set to obtain the common set of the first participant and the second participant.
12. An electronic device, characterized in that it includes: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to execute the method of any one of claims 1 to 11 by executing the executable instructions.
13. A computer-readable storage medium having a computer program stored thereon, characterized in that, when the computer program is executed by a processor, it implements the method of any one of claims 1 to 11.
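The covert query of claims 1, 4 and 5, worked through as an added example that is not code from the patent. Assumptions: a toy Paillier scheme stands in for the unnamed homomorphic scheme, the ciphertext vector is taken to be the encrypted powers of the identifier, and the encryption polynomial is assumed to be E(x) = r*F(x) + Q(x) with the preset value r as a random mask. All function names, the field prime and the sample table are constructed for illustration.

```python
import secrets

FP = 65521                                   # toy prime field for the polynomials
_P, _Q = 2**31 - 1, 2**61 - 1                # toy Paillier primes, far too small for real use
N, PHI = _P * _Q, (_P - 1) * (_Q - 1)        # N is public; PHI and MU stay with the requester
N2, MU = N * N, pow(PHI, -1, N)
SAMPLE_TABLE = {1001: 40417, 2002: 51234, 3003: 777}   # constructed id -> auxiliary code

def enc(m):                                  # Paillier encryption with g = N + 1
    return (1 + m * N) * pow(secrets.randbelow(N - 2) + 2, N, N2) % N2

def dec(c):                                  # requester side only
    return (pow(c, PHI, N2) - 1) // N * MU % N

def pmul(a, b):                              # polynomial product mod FP, low degree first
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % FP
    return out

def padd(a, b):                              # polynomial sum mod FP, padding the shorter one
    a, b = a + [0] * (len(b) - len(a)), b + [0] * (len(a) - len(b))
    return [(x + y) % FP for x, y in zip(a, b)]

def retrieval_poly(ids):                     # F(x) = prod (x - id): zero on every known id
    f = [1]
    for i in ids:
        f = pmul(f, [-i % FP, 1])
    return f

def query_poly(table):                       # Lagrange interpolation so that Q(id) = code
    q = [0]
    for xi, yi in table.items():
        basis, denom = [1], 1
        for xj in table:
            if xj != xi:
                basis, denom = pmul(basis, [-xj % FP, 1]), denom * (xi - xj) % FP
        q = padd(q, [c * yi * pow(denom, -1, FP) % FP for c in basis])
    return q

def heval(coeffs, ct_powers):                # Enc(sum c_i * x^i) computed from Enc(x^i)
    acc = enc(0)
    for c, ct in zip(coeffs, ct_powers):
        acc = acc * pow(ct, c, N2) % N2
    return acc

def client_query(identifier, degree):        # "ciphertext vector": encrypted powers of the id
    return [enc(pow(identifier, i, FP)) for i in range(degree + 1)]

def server_answer(table, ct_powers):         # assisting party: never sees the identifier
    F, Q = retrieval_poly(table), query_poly(table)
    r = secrets.randbelow(FP - 1) + 1        # "preset value", assumed to be a random mask
    E = padd([r * c % FP for c in F], Q)     # assumed form: E(x) = r*F(x) + Q(x)
    return heval(F, ct_powers), heval(E, ct_powers)

def client_decode(answer):                   # accept the code only if F(id) decrypts to 0
    f_val, e_val = (dec(c) % FP for c in answer)
    return e_val if f_val == 0 else None
```

Because Paillier works over the integers modulo N, the requester here reduces the decrypted values modulo FP itself; a deployment would pick a homomorphic scheme whose plaintext space is the polynomial field so that only the reduced value is ever revealed.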
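The exchange of claims 8 and 11, once both participants hold their security auxiliary codes, as an added example that is not code from the patent. Assumptions: SHA-256 is the target hash function, 2^127 - 1 is a toy stand-in for the target large prime number, and each key is a random secret exponent (the claims derive the key from the code set without saying how). The class, function names and sample code sets are constructed for illustration.

```python
import hashlib
import secrets
from math import gcd

PRIME = 2**127 - 1                 # toy stand-in for the "target large prime number"
CODES_A = [40417, 51234, 777]      # constructed auxiliary codes held by the first participant
CODES_B = [51234, 9999, 777]       # constructed auxiliary codes held by the second participant

def hash_to_group(code):
    """Target hash function (assumed SHA-256), mapped into [1, PRIME - 1]."""
    digest = hashlib.sha256(str(code).encode()).digest()
    return int.from_bytes(digest, "big") % (PRIME - 1) + 1

def new_key():
    """Secret exponent coprime to PRIME - 1, so exponentiation is a permutation."""
    while True:
        k = secrets.randbelow(PRIME - 3) + 2
        if gcd(k, PRIME - 1) == 1:
            return k

def blind(values, key):
    """Commutative 'encryption': v -> v^key mod PRIME, order preserved."""
    return [pow(v, key, PRIME) for v in values]

class Participant:
    def __init__(self, codes):
        self.codes = list(codes)
        self.key = new_key()

    def first_message(self):
        # H(code)^key mod PRIME: the encrypted security auxiliary code set
        return blind([hash_to_group(c) for c in self.codes], self.key)

    def reencrypt(self, peer_message):
        # The peer's set under both keys: this party's target encrypted set
        return blind(peer_message, self.key)

    def intersect(self, own_double, peer_double):
        # own_double arrives in the order of self.codes, so matches map back to codes
        peer = set(peer_double)
        return {c for c, d in zip(self.codes, own_double) if d in peer}

def run_psi(codes_a, codes_b):
    a, b = Participant(codes_a), Participant(codes_b)
    msg_a, msg_b = a.first_message(), b.first_message()   # exchanged in the clear
    target_a = a.reencrypt(msg_b)                         # first target encrypted set
    target_b = b.reencrypt(msg_a)                         # second target encrypted set
    return a.intersect(target_b, target_a), b.intersect(target_a, target_b)
```

Neither side sees the other's hashed codes in the clear: every value crossing the wire is raised to at least one secret exponent, and only values that coincide under both exponents reveal a shared auxiliary code.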