Quantum secure multi-party computation protocol implementation method and device, storage medium and electronic equipment

By constructing a quantum-safe multi-party computation protocol using quantum-resistant cryptographic primitives and verifiable computation technology, the security vulnerabilities of existing protocols in quantum computing environments are addressed, enabling secure joint computation under quantum computing threats and providing long-term security assurance for the future.

CN122247612A · Pending · Publication Date: 2026-06-19 · SHENZHEN CHIPBEST MICROELECTRONICS CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
SHENZHEN CHIPBEST MICROELECTRONICS CO LTD
Filing Date
2026-04-07
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

Existing secure multi-party computation protocols are no longer secure in a quantum computing environment. Shor's algorithm can break classical cryptographic assumptions, leading to the risk of leakage of private inputs from participants. Furthermore, existing technologies lack verifiable computation mechanisms integrated under malicious models, failing to meet multiple requirements such as quantum security, input privacy, and computational correctness, and thus cannot provide long-term protection for high-security scenarios.

Method used

A quantum-safe multi-party computation protocol is constructed using quantum-resistant cryptographic primitives. Verifiable computation technology is integrated to generate a verifiable security protocol with a verification mechanism. Formal security analysis is then performed to generate an instance of the quantum-safe multi-party computation protocol and a security certificate.

Benefits of technology

This technology enables secure joint computation among multiple parties in a quantum computing threat environment, ensuring input privacy and computational result correctness. It provides formally provable quantum-resistant security guarantees, supports secure execution under semi-honest and malicious adversary models, and meets the long-term privacy protection and compliance auditing needs of high-security scenarios such as finance, healthcare, and government.

✦ Generated by Eureka AI based on patent content.


Abstract

This application discloses a method, apparatus, storage medium, and electronic device for implementing a quantum-safe multi-party computation protocol. The method includes: acquiring a computation function, participant identities, and security requirements; compiling the computation function into a circuit representation; partitioning the circuit representation according to the identity information to generate multiple computational subtasks and their dependencies; selecting quantum-resistant cryptographic primitives for each computational subtask based on the security requirements and dependencies, and constructing a low-level security protocol based on the selected quantum-resistant cryptographic primitives; integrating verifiable computation technology into the low-level security protocol to generate a verifiable security protocol with a verification mechanism; performing formal security analysis on the verifiable security protocol to generate a security proof under a quantum adversary model; optimizing performance based on the security proof; and outputting a quantum-safe multi-party computation protocol instance and a security certificate.

Description

Technical Field

[0001] This application relates to the field of multi-party computation technology, specifically to a method, apparatus, storage medium, and electronic device for implementing a quantum-safe multi-party computation protocol.

Background Technology

[0002] Secure Multi-Party Computation (MPC) allows a group of untrusted participants to jointly compute a function on their private inputs, while ensuring that each participant's input is not disclosed to the others. Since the Millionaire's Problem was proposed in 1982, MPC has become an important branch of cryptography, widely used in privacy-preserving scenarios such as financial risk control, medical data sharing, and collaborative machine learning. With increasingly stringent data privacy regulations and the continued growth in demand for cross-institutional data collaboration, secure MPC technology plays a crucial role in ensuring data is "usable but not visible."

[0003] Currently, existing secure multi-party computation protocols are typically built upon classical cryptographic assumptions. Specifically, existing technologies generally employ public-key cryptographic primitives based on large integer factorization problems (such as RSA encryption) or discrete logarithm problems (such as elliptic curve cryptography), combined with techniques such as oblivious transfer, secret sharing, or homomorphic encryption, to achieve security proofs under either a semi-honest or malicious model. For example, the classic GMW protocol, BGW protocol, and the SPDZ protocol family all rely on these classical cryptographic assumptions. These protocols provide provable security in classical computing environments and have been deployed and applied in numerous real-world systems.

[0004] However, the classical number theory assumptions (such as large integer factorization and discrete logarithms) upon which existing secure multi-party computation protocols rely are no longer secure in a quantum computing environment. Shor's algorithm can solve these problems in polynomial time. Once a sufficiently large-scale general-purpose quantum computer becomes available, existing protocols will become completely ineffective, leading to a large-scale risk of leakage of the private inputs of the participants. Simply replacing the cryptographic components in existing protocols with quantum-resistant cryptographic primitives can lead to security vulnerabilities or protocol malfunctions because the security proof of the protocol is tightly coupled with the algebraic structure of the underlying primitives. Furthermore, existing technologies lack the ability to integrate verifiable computation mechanisms under malicious models, making it difficult to simultaneously meet multiple requirements such as quantum-resistant security, input privacy, computational correctness, and practical efficiency. Consequently, they cannot provide long-term security guarantees for high-security scenarios such as finance, healthcare, and government.

Summary of the Invention

[0005] This application provides a method, apparatus, storage medium, and electronic device for implementing a quantum-safe multi-party computation protocol, which can provide long-term security guarantees for all levels of scenarios.

[0006] In a first aspect, embodiments of this application provide a method for implementing a quantum-safe multi-party computation protocol, including: The calculation function, the identity information of multiple participants, and the preset security requirements are obtained, and the calculation function is compiled into a circuit to generate the circuit representation of the calculation function. The circuit representation is partitioned according to the identity information to generate multiple computational subtasks and the dependencies between the multiple computational subtasks. Based on the security requirements and dependencies, a quantum-resistant cryptographic primitive is selected for each computational subtask, and a quantum-safe multi-party computation protocol is constructed based on the selected quantum-resistant cryptographic primitive to obtain the underlying security protocol. Verifiable computing technology is integrated into the underlying security protocol to generate a verifiable security protocol with a verification mechanism. Formal security analysis is performed on the verifiable security protocol to generate a security proof of the verifiable security protocol under the quantum adversary model; The verifiable security protocol is optimized for performance based on the security proof, and an instance of a quantum-safe multi-party computation protocol and its corresponding security certificate are output.

[0007] In the quantum-safe multi-party computation protocol implementation method provided in this application embodiment, the step of partitioning the circuit representation according to the identity information to generate multiple computational subtasks and the dependencies between the multiple computational subtasks includes: Based on the ownership of the input data upon which each gate in the circuit representation depends, the circuit representation is divided into a local computing part and a secure computing part; The computation task of each gate circuit in the local computing part is assigned to the corresponding participant as an independent computation subtask; The secure computing part is broken down into multiple computing subtasks that require multi-party interaction, and a dependency graph is established between these multi-party interactive computing subtasks based on the data flow.

[0008] In the quantum-safe multi-party computation protocol implementation method provided in this application embodiment, the step of selecting a quantum-resistant cryptographic primitive for each computational subtask according to the security requirements and the dependencies includes: The quantum security level is determined according to the security requirements, and candidate quantum-resistant cryptographic primitives that meet the quantum security level are selected from the preset quantum-resistant cryptographic primitive library. For an independent computational subtask, a local encryption primitive is selected from the candidate quantum-resistant cryptographic primitives. The local encryption primitive is used to locally encrypt and protect the private inputs of the participants. For computational subtasks involving multiple parties, corresponding interactive cryptographic primitives are selected based on the interaction mode and scope of participants in the dependency graph. These interactive cryptographic primitives include quantum-resistant secret-sharing primitives and quantum-resistant oblivious transfer primitives.

[0009] In the quantum-safe multi-party computation protocol implementation method provided in this application embodiment, the step of constructing a quantum-safe multi-party computation protocol based on the selected quantum-resistant cryptographic primitive to obtain the underlying security protocol includes: A quantum-resistant secret-sharing scheme is constructed using the selected quantum-resistant cryptographic primitives, which is used to split the private input of each participant into multiple fragments and distribute them to other participants according to the dependency graph; A quantum-resistant oblivious transfer protocol is constructed using the selected quantum-resistant cryptographic primitives to enable selective data transmission between participants during the execution of the computational subtasks requiring multi-party interaction. The quantum-resistant secret sharing scheme and the quantum-resistant oblivious transfer protocol are combined according to the dependency graph to generate the underlying security protocol.

[0010] In the quantum-safe multi-party computation protocol implementation method provided in the embodiments of this application, the quantum-resistant cryptographic primitives include lattice-based cryptographic primitives, code-based cryptographic primitives, multivariate cryptographic primitives, or hash-based signature primitives.

[0011] In the quantum-safe multi-party computation protocol implementation method provided in this application embodiment, the step of integrating verifiable computation technology into the underlying security protocol to generate a verifiable security protocol with a verification mechanism includes: A zero-knowledge proof generation module is embedded in each interaction step of the underlying security protocol to enable the sender to generate a zero-knowledge proof that its behavior is correct. A succinct non-interactive argument of knowledge (SNARK) module is integrated into the underlying security protocol to generate publicly verifiable proofs of the correctness of the entire computation process. Verifiable delay functions are embedded at key time points in the underlying security protocol to prevent preemptive attacks. The zero-knowledge proof module, the succinct non-interactive argument of knowledge module, and the verifiable delay function module are combined with the underlying security protocol to generate the verifiable security protocol with a verification mechanism.

[0012] In the quantum-safe multi-party computation protocol implementation method provided in this application embodiment, the computation function includes at least one of a statistical function, a machine learning model training function, and a joint data analysis function; the multiple participating parties include multiple institutions in a financial system, multiple data providers in a medical system, or multiple departments in a government cross-departmental collaboration system.

[0013] In a second aspect, embodiments of this application provide a device for implementing a quantum-safe multi-party computation protocol, including: The acquisition unit is used to acquire the calculation function, the identity information of multiple participants, and the preset security requirements, and to perform circuit compilation on the calculation function to generate the circuit representation of the calculation function; A partitioning unit is used to partition the circuit representation according to the identity information, and generate multiple computational subtasks and the dependencies between the multiple computational subtasks. The selection unit is used to select a quantum-resistant cryptographic primitive for each computational subtask according to the security requirements and the dependencies, and to construct a quantum-safe multi-party computation protocol based on the selected quantum-resistant cryptographic primitive to obtain the underlying security protocol. An integration unit is used to integrate verifiable computing technology into the underlying security protocol to generate a verifiable security protocol with a verification mechanism. An analysis unit is used to perform formal security analysis on the verifiable security protocol and generate a security proof of the verifiable security protocol under the quantum adversary model. The optimization unit is used to optimize the performance of the verifiable security protocol based on the security proof, and output a quantum-safe multi-party computation protocol instance and the corresponding security certificate.

[0014] In a third aspect, this application provides a storage medium storing a plurality of instructions adapted for loading by a processor to execute the quantum-safe multi-party computation protocol implementation method described in any of the preceding claims.

[0015] In a fourth aspect, this application provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the computer program to implement the quantum-safe multi-party computation protocol implementation method described in any of the preceding claims.

[0016] In summary, the quantum-safe multi-party computation protocol implementation method provided in this application includes: acquiring a computation function, identity information of multiple participants, and preset security requirements; compiling the computation function into a circuit to generate a circuit representation of the computation function; partitioning the circuit representation according to the identity information to generate multiple computational subtasks and dependencies between the multiple computational subtasks; selecting a quantum-resistant cryptographic primitive for each computational subtask according to the security requirements and the dependencies, and constructing a quantum-safe multi-party computation protocol based on the selected quantum-resistant cryptographic primitive to obtain a bottom-level security protocol; integrating verifiable computation technology into the bottom-level security protocol to generate a verifiable security protocol with a verification mechanism; performing formal security analysis on the verifiable security protocol to generate a security proof of the verifiable security protocol under the quantum adversary model; optimizing the performance of the verifiable security protocol based on the security proof, and outputting a quantum-safe multi-party computation protocol instance and a corresponding security certificate. The embodiments of this application can enable secure joint computation of private inputs by multiple participants in a quantum computing threat environment. By integrating quantum-resistant cryptographic primitives and verifiable computation technology, it provides formally provable quantum-resistant security guarantees while ensuring input privacy and the correctness of computation results. It also supports secure execution under semi-honest and malicious adversary models, thereby meeting the needs of high-security scenarios such as finance, healthcare, and government for long-term privacy protection and compliance auditing.

Attached Figure Description

[0017] To more clearly illustrate the technical solutions in the embodiments of this application, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0018] Figure 1 is a schematic diagram illustrating an application scenario of the quantum-safe multi-party computation protocol implementation method provided in the embodiments of this application.

[0019] Figure 2 is a flowchart illustrating the implementation method of the quantum-safe multi-party computation protocol provided in the embodiments of this application.

[0020] Figure 3 is a schematic diagram of the structure of the quantum-safe multi-party computation protocol implementation device provided in the embodiments of this application.

[0021] Figure 4 is a schematic diagram of the structure of the electronic device provided in the embodiments of this application.

Detailed Implementation

[0022] Exemplary embodiments will now be described in detail, examples of which are illustrated in the accompanying drawings. When the following description relates to the drawings, unless otherwise indicated, the same numbers in different drawings denote the same or similar elements. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with this application. Rather, they are merely examples of apparatuses and methods consistent with some aspects of this application as detailed in the appended claims.

[0023] It should be noted that, in this document, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitations, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes that element. Furthermore, components, features, and elements with the same names in different embodiments of this application may have the same meaning or different meanings, the specific meaning of which must be determined by its interpretation in that specific embodiment or further in conjunction with the context of that specific embodiment.

[0024] It should be understood that the specific embodiments described herein are merely illustrative of this application and are not intended to limit this application.

[0025] In the following description, the use of suffixes such as "module," "part," or "unit" to denote elements is solely for ease of description and has no specific meaning in itself. Therefore, "module," "part," or "unit" may be used interchangeably.

[0026] In the description of this application, it should be noted that the terms "upper," "lower," "left," "right," "inner," and "outer," etc., indicate the orientation or positional relationship based on the orientation or positional relationship shown in the accompanying drawings. They are used only for the convenience of describing this application and simplifying the description, and do not indicate or imply that the device or element referred to must have a specific orientation, or be constructed and operated in a specific orientation. Therefore, they should not be construed as limitations on this application. In addition, terms such as "first" and "second" are used for descriptive purposes only and should not be construed as indicating or implying relative importance.

[0027] The classical number theory assumptions (such as large integer factorization and discrete logarithms) upon which existing secure multi-party computation protocols rely are no longer secure in a quantum computing environment. Shor's algorithm can solve these problems in polynomial time. Once a sufficiently large-scale general-purpose quantum computer becomes available, existing protocols will become completely ineffective, leading to a large-scale risk of leakage of the private inputs of the participants. Simply replacing the cryptographic components in existing protocols with quantum-resistant cryptographic primitives can lead to security vulnerabilities or protocol malfunctions because the security proof of the protocol is tightly coupled with the algebraic structure of the underlying primitives. Furthermore, current technologies lack the ability to integrate verifiable computation mechanisms under malicious models, making it difficult to simultaneously meet multiple requirements such as quantum-resistant security, input privacy, computational correctness, and practical efficiency. Consequently, they cannot provide long-term security guarantees for high-security scenarios such as finance, healthcare, and government.

[0028] Based on this, embodiments of this application provide a method, apparatus, storage medium, and electronic device for implementing a quantum-safe multi-party computation protocol. Specifically, the quantum-safe multi-party computation protocol implementation apparatus can be integrated into an electronic device, which can be a server or a terminal, etc. The terminal can include mobile phones, wearable smart devices, tablets, laptops, and personal computers (PCs), etc., as well as other computers and auxiliary devices. The server can be a single server or a server cluster composed of multiple servers, and can be a physical server or a virtual server.

[0029] For example, as shown in Figure 1, the electronic device can acquire the computation function, the identity information of multiple participants, and preset security requirements. It then performs circuit compilation on the computation function to generate its circuit representation. Based on the identity information, the circuit representation is partitioned to generate multiple computational subtasks and dependencies between them. According to the security requirements and dependencies, a quantum-resistant cryptographic primitive is selected for each computational subtask, and a quantum-safe multi-party computation protocol is constructed based on the selected primitive, resulting in a low-level security protocol. Verifiable computation technology is integrated into the low-level security protocol to generate a verifiable security protocol with a verification mechanism. Formal security analysis is performed on the verifiable security protocol to generate a security proof of the protocol under the quantum adversary model. Based on the security proof, the performance of the verifiable security protocol is optimized, and an instance of the quantum-safe multi-party computation protocol and its corresponding security certificate are output.

[0030] The technical solutions shown in this application will be described in detail below through specific embodiments. It should be noted that the order of description of the following embodiments is not intended to limit the priority of the embodiments.

[0031] Please see Figure 2, which is a flowchart illustrating the implementation method of the quantum-safe multi-party computation protocol provided in this application embodiment. The specific flow of the implementation method of the quantum-safe multi-party computation protocol can be as follows:

101. Obtain the calculation function, the identity information of multiple participants, and the preset security requirements, and compile the calculation function into a circuit to generate the circuit representation of the calculation function.

[0032] In this context, a computational function refers to a function that multiple participants wish to jointly calculate. This computational function can include at least one of the following: a statistical function, a machine learning model training function, or a joint data analysis function. For example, in a financial system, multiple banking institutions may wish to jointly calculate the total amount of non-performing loans among themselves without disclosing their individual non-performing loan data; in this case, the computational function is a summation function. In a healthcare system, multiple hospitals may wish to jointly train a disease prediction model without disclosing their individual patient data; in this case, the computational function is a machine learning model training function. In a cross-departmental government collaboration system, multiple government departments may wish to jointly analyze cross-departmental statistical data without disclosing their individual raw data; in this case, the computational function is a joint data analysis function.

[0033] The identity information of multiple participants includes their unique identifiers, network addresses, public key certificates, etc., used to identify and authenticate each participant during subsequent protocol execution. Preset security requirements include the required security level, trust model, and quantum-resistant security level. For example, the security level can be set to 128-bit quantum security or 256-bit quantum security; the trust model can be set to a semi-honest model or a malicious model.

[0034] In some embodiments, the computation function is compiled into a circuit to generate a circuit representation of the computation function, which can be done as follows: The process involves acquiring the source code or intermediate representation of the computation function and performing syntax and semantic analysis to identify arithmetic and logical operations. Based on the distribution of operation types within the computation function, a circuit type is selected, including arithmetic circuits and Boolean circuits. When the proportion of arithmetic operations in the computation function exceeds a preset threshold, an arithmetic circuit is selected as the circuit representation type, and addition operations are compiled into addition gates, and multiplication operations into multiplication gates. Conversely, when the proportion of logical operations exceeds a preset threshold, a Boolean circuit is selected as the circuit representation type, and AND operations are compiled into AND gates, OR operations into OR gates, and NOT operations into NOT gates. Based on the input parameters and output results of the computation function, the input and output ports of the circuit representation are determined. Each input port corresponds one-to-one with the private inputs of multiple participants, and the output port corresponds to the computation result of the computation function. The final output is a circuit representation containing multiple gate circuits, input ports, output ports, and the connections between these gate circuits.

[0035] For example, in a financial risk control scenario, three banks want to jointly calculate a Boolean result: "Whether the total amount of non-performing loans of each bank exceeds a preset threshold." The calculation function can be represented as: f(x1,x2,x3)=(x1+x2+x3)>T, where x1,x2,x3 are the non-performing loan amounts of the three banks, and T is the preset threshold. Since this calculation function includes addition and comparison operations, the system can compile it into an arithmetic circuit representation containing addition gates and comparison gates.

102. Partition the circuit representation according to the identity information to generate multiple computational subtasks and the dependencies between the multiple computational subtasks.

[0036] In some embodiments, step 102 may be as follows: First, based on the ownership of the input data upon which each gate in the circuit representation depends, the circuit representation is divided into a local computation part and a secure computation part.

[0037] In this context, the ownership of input data refers to which participant each private input of a gate circuit originates from. If all input data for a gate circuit originates from the same participant, then the gate circuit belongs to the local computing part; if the input data for a gate circuit originates from multiple different participants, then the gate circuit belongs to the secure computing part.

[0038] Then, the computation task of each gate circuit in the local computing part is assigned to the corresponding participant as an independent computation subtask.

[0039] It should be noted that these independent computational subtasks can be completed independently by the participants locally without interaction with other participants.

[0040] Finally, the secure computing part is broken down into multiple computing subtasks that require multi-party interaction, and a dependency graph is established between these multi-party interactive computing subtasks based on the data flow.

[0041] The dependency graph is used to describe the data dependencies between computational subtasks, meaning that the output of one computational subtask may serve as the input of another computational subtask.

[0042] For example, continuing with the aforementioned financial risk control scenario, the circuit representation of f(x1,x2,x3)=(x1+x2+x3)>T includes three input ports (corresponding to the non-performing loan amounts of the three banks), an addition gate, and a comparison gate. The input to the addition gate comes from the three banks and is part of the secure computation, requiring decomposition into multiple subtasks involving multi-party interaction. The input to the comparison gate includes the output of the addition gate and a preset threshold T. Since the output of the addition gate requires multi-party interaction for computation, the comparison gate also belongs to the secure computation part. The system decomposes the addition operation into multiple addition subtasks requiring multi-party interaction and establishes a dependency graph based on the data flow, explicitly using the output of the addition subtasks as the input to the comparison gate.
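The compilation and partitioning of the three-bank function above (steps 101 and 102), as an added Python example that is not part of the patent text; the Gate/Circuit structures, the two bank1 branch inputs x1a/x1b (added so the local computing part is non-empty) and the 50% operation-mix threshold are this example's own assumptions.

```python
# Added example (not from the patent): compile f(x1,x2,x3) = (x1+x2+x3) > T into
# an arithmetic circuit, partition its gates by input ownership, and build the
# dependency graph between the secure-computation subtasks.  The ownership rule
# follows paragraphs [0037]-[0042]; the data structures are assumptions.
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Gate:
    name: str
    op: str        # "ADD"/"MUL"/"CMP" (arithmetic) or "AND"/"OR"/"NOT" (Boolean)
    inputs: list   # wire names: input ports, earlier gate names, or public constants


@dataclass
class Circuit:
    kind: str                  # "arithmetic" or "boolean"
    inputs: dict               # input port -> owning participant
    constants: set             # public wires such as the threshold T
    gates: list = field(default_factory=list)   # assumed topologically ordered


ARITH_OPS = {"ADD", "SUB", "MUL", "CMP"}


def choose_circuit_type(ops, threshold=0.5):
    """Step 101: pick arithmetic vs Boolean circuit from the operation mix."""
    arith = sum(1 for op in ops if op in ARITH_OPS)
    return "arithmetic" if arith / len(ops) >= threshold else "boolean"


def owners_of(circuit, wire, gate_owner):
    """Participants whose private data flows into `wire`."""
    if wire in circuit.constants:
        return set()                        # public constant: nobody's secret
    if wire in circuit.inputs:
        return {circuit.inputs[wire]}       # private input port
    return gate_owner[wire]                 # output of an earlier gate


def partition(circuit):
    """Step 102: split gates into local subtasks and secure (multi-party) subtasks.

    A gate whose private inputs all come from one participant is a local
    subtask of that participant; a gate fed (directly or through an earlier
    gate) by two or more participants needs multi-party interaction.
    """
    gate_owner, local, secure = {}, {}, []
    for g in circuit.gates:
        owners = set().union(*(owners_of(circuit, w, gate_owner) for w in g.inputs))
        gate_owner[g.name] = owners
        if len(owners) <= 1:
            local[g.name] = next(iter(owners), None)
        else:
            secure.append(g.name)
    return local, secure


def dependency_graph(circuit, secure):
    """Map each secure subtask to the secure subtasks whose output it consumes."""
    by_name = {g.name: g for g in circuit.gates}
    deps = defaultdict(list)
    for name in secure:
        deps[name] = [w for w in by_name[name].inputs if w in secure]
    return dict(deps)


def build_loan_circuit():
    """Paragraph [0035]: (x1 + x2 + x3) > T, with x1 first summed from two
    branch figures x1a, x1b that both belong to bank1 (constructed detail)."""
    ops = ["ADD", "ADD", "ADD", "CMP"]
    circ = Circuit(kind=choose_circuit_type(ops),
                   inputs={"x1a": "bank1", "x1b": "bank1", "x2": "bank2", "x3": "bank3"},
                   constants={"T"})
    circ.gates = [Gate("pre1", "ADD", ["x1a", "x1b"]),   # local to bank1
                  Gate("add1", "ADD", ["pre1", "x2"]),   # bank1 + bank2: secure
                  Gate("add2", "ADD", ["add1", "x3"]),   # + bank3: secure
                  Gate("cmp", "CMP", ["add2", "T"])]     # depends on add2: secure
    return circ


if __name__ == "__main__":
    circ = build_loan_circuit()
    local, secure = partition(circ)
    print(circ.kind, local, secure, dependency_graph(circ, secure))
```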

[0043] 103. Based on security requirements and dependencies, select quantum-resistant cryptographic primitives for each computational subtask, and construct a quantum-safe multi-party computation protocol based on the selected quantum-resistant cryptographic primitives to obtain the underlying security protocol.

[0044] Specifically, the step "selecting quantum-resistant cryptographic primitives for each computational subtask based on security requirements and dependencies" may include the following steps: 1031. Determine the quantum security level according to security requirements, and select candidate quantum-resistant cryptographic primitives that meet the quantum security level from the preset quantum-resistant cryptographic primitive library.

[0045] Quantum-resistant cryptographic primitives include lattice-based, code-based, multivariate, or hash-based signature primitives. For example, lattice-based primitives can use the key encapsulation mechanisms Kyber (standardized as ML-KEM) or FrodoKEM, code-based primitives can use McEliece, and hash-based signature primitives can use SPHINCS+.

[0046] 1032. For independent computational subtasks, select local encryption primitives from the candidate quantum-resistant cryptographic primitives. Local encryption primitives are used to locally encrypt and protect the private inputs of the participants.

[0047] In some embodiments, the local cryptographic primitives may employ a lattice-based symmetric encryption scheme or a hash-based encryption scheme.

[0048] 1033. For computational subtasks involving multiple parties, select the corresponding interactive cryptographic primitives based on the interaction mode and the scope of participants in the dependency graph. Interactive cryptographic primitives include quantum-resistant secret sharing primitives and quantum-resistant oblivious transfer primitives.

[0049] The quantum-resistant secret sharing primitive splits a participant's private input into multiple fragments and distributes them to the other participants; the quantum-resistant oblivious transfer primitive provides selective data transmission between participants during multi-party interaction, ensuring that the receiver learns only the item it selected while the sender does not learn which item was selected.

[0050] After the quantum-resistant cryptographic primitives have been selected, the quantum-safe multi-party computation protocol is constructed from them to obtain the underlying security protocol. Specifically, a quantum-resistant secret sharing scheme is built from the selected primitives to split each participant's private input into multiple fragments and distribute them to the other participants according to the dependency graph. A quantum-resistant oblivious transfer protocol is also built from the selected primitives to provide selective data transmission between participants while the subtasks requiring multi-party interaction execute. The secret sharing scheme and the oblivious transfer protocol are then combined according to the dependency graph to generate the underlying security protocol.

[0051] For example, in the aforementioned financial risk control scenario, the system chooses a lattice-based quantum-resistant secret sharing primitive for the addition subtask requiring multi-party interaction. Each bank splits its non-performing loan amount into three fragments and distributes them to the other banks. Each bank then adds the fragments it received locally, obtaining a fragment of the addition result. Finally, the banks exchange the fragments of the addition result over the quantum-resistant oblivious transfer protocol and reconstruct the sum. Throughout this process no single bank learns the non-performing loan amounts of the other banks, and the security of the protocol rests on a lattice-based mathematical problem, making it resistant to quantum attacks.
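The addition subtask of [0050] and [0051] is additive secret sharing: each bank splits its amount into fragments that sum to the amount modulo a public modulus, every bank adds the fragments it holds, and the result fragments are recombined. The following Python is an added example, not code from the patent. It uses information-theoretic additive sharing over Z_Q, which needs no computational assumption at all and is therefore quantum-safe on its own; in the patent's design the lattice-based primitives protect the channels over which the fragments travel, which this example leaves out. The bank names, amounts, threshold and modulus Q are constructed for the illustration.

```python
# Added example (not the patent's own code): additive secret sharing over Z_Q
# for the three-bank addition subtask, showing what each bank sends, what it
# sees, and how the result fragments are recombined.
import secrets

Q = 2**61 - 1  # constructed modulus; must exceed any sum of inputs


def share(value: int, n: int) -> list:
    """Split value into n fragments that sum to value mod Q. Any n-1 of them
    are uniformly random and carry no information about value."""
    if not 0 <= value < Q:
        raise ValueError("input out of range")
    shares = [secrets.randbelow(Q) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % Q)
    return shares


def reconstruct(shares) -> int:
    return sum(shares) % Q


def completion(known_shares: list, candidate: int) -> int:
    """Given n-1 of a participant's fragments, return the one missing fragment
    that would make the secret equal to candidate. Because such a fragment
    exists for every candidate, the n-1 fragments reveal nothing."""
    return (candidate - sum(known_shares)) % Q


def secure_sum(inputs: dict):
    """Run the addition subtask. inputs maps participant -> private value.
    Returns (result_shares, views): result_shares maps each participant to its
    fragment of the sum; views records exactly what each participant received."""
    parties = list(inputs)
    n = len(parties)
    dealt = {p: share(v, n) for p, v in inputs.items()}
    views, result_shares = {}, {}
    for j, p in enumerate(parties):
        # Participant j receives fragment j of every other participant's input
        # (and keeps fragment j of its own) and adds them locally.
        received = {src: dealt[src][j] for src in parties}
        views[p] = received
        result_shares[p] = sum(received.values()) % Q
    return result_shares, views


def over_threshold(inputs: dict, threshold: int) -> bool:
    """Recombine the result fragments and compare with the threshold T.
    Note that recombination reveals the total itself, not only the bit."""
    result_shares, _ = secure_sum(inputs)
    return reconstruct(result_shares.values()) > threshold


if __name__ == "__main__":
    amounts = {"BankA": 120, "BankB": 80, "BankC": 300}  # constructed data
    print(over_threshold(amounts, 450))
```

Two caveats a deployment must address. First, `over_threshold` reconstructs the sum in the clear, so every bank learns the total and not just whether it exceeds T; keeping the comparison gate inside the secure computing part, as [0042] requires, means evaluating the comparison on the fragments with a secure comparison protocol rather than after reconstruction. Second, additive sharing by itself offers no protection against a participant that sends inconsistent fragments; that is exactly the gap the zero-knowledge proofs of [0053] are meant to close.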

[0052] 104. Integrate verifiable computing technology into the underlying security protocol to generate a verifiable security protocol with a verification mechanism.

[0053] Specifically, a zero-knowledge proof generation module can be embedded in each interaction step of the underlying security protocol to enable the sender to generate zero-knowledge proofs that prove its behavior is correct.

[0054] Zero-knowledge proofs are used to prove that the data sent by the sender is correct, originates from its private input, and conforms to the protocol specifications, but the proof itself does not reveal any information about the private input. To address quantum security requirements, zero-knowledge proofs employ quantum-resistant zero-knowledge proof schemes, such as lattice-based or hash-based schemes.

[0055] Next, a succinct non-interactive argument of knowledge (SNARK) module is integrated into the underlying security protocol to generate publicly verifiable proofs of the correctness of the entire computation process.

[0056] It should be noted that the succinct non-interactive argument module can adopt a hash-based STARK scheme, which relies only on collision-resistant hashing rather than elliptic-curve cryptography, is therefore resistant to quantum attacks, and has efficient proof generation and verification.

[0057] Subsequently, verifiable delay functions are embedded at critical time points in the underlying security protocol to prevent front-running.

[0058] In this embodiment, the key time points are the reveal point of the commit phase and the synchronization point of the output phase. A verifiable delay function requires a prescribed number of inherently sequential steps, so even a quantum adversary with very large computing power cannot shorten the delay by computing in parallel; this prevents an adversary from obtaining the result before the other participants and interfering with the protocol.

[0059] Finally, the zero-knowledge proof module, the succinct non-interactive argument module, and the verifiable delay function module are combined with the underlying security protocol to generate a verifiable security protocol with a verification mechanism.

[0060] For example, in the aforementioned financial risk control scenario, the system embeds the zero-knowledge proof generation module in the step where the banks send their secret-shared fragments. Each bank generates a zero-knowledge proof together with the fragment it sends, demonstrating that the fragment was indeed derived from its non-performing loan amount. A bank receiving a fragment first verifies the proof and only then continues with the subsequent computation. In the final output stage, the system generates a succinct non-interactive argument demonstrating that the entire computation (fragment distribution, local addition, and result reconstruction) was executed correctly; any third party can verify this argument without re-running the computation. Furthermore, a verifiable delay function is embedded at the result disclosure point so that all banks obtain the final result at the same time, preventing front-running.
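The verifiable delay function of [0057], [0058] and the result disclosure point of [0060] can be illustrated with a Sloth-style construction (Lenstra and Wesolowski's sloth): evaluation performs t sequential modular square roots, each a full exponentiation, while verification performs only t modular squarings, so every bank can check in a fraction of the time that the delayed value was produced honestly. The following Python is an added example, not code from the patent; the prime P, the round count t and the seed value are assumptions chosen for the illustration.

```python
# Added example (not the patent's own code): a minimal Sloth-style verifiable
# delay function over a prime field. Evaluation needs t sequential modular
# square roots (each a full exponentiation); verification needs only t modular
# squarings, so anyone can check the output far faster than it was produced.
P = 2**127 - 1  # Mersenne prime with P % 4 == 3, so x^((P+1)/4) is a square root


def flip(x: int) -> int:
    """Self-inverse bit flip between rounds, breaking the algebraic structure
    that would otherwise let the rounds be merged into one exponentiation."""
    y = x ^ 1
    return y if y < P else x


def sqrt_step(x: int) -> int:
    """One slow round. Exactly one of x, -x is a quadratic residue mod P
    (since -1 is a non-residue when P % 4 == 3). Return the even root of x
    if x is a residue, otherwise the odd root of -x; the map is a bijection."""
    r = pow(x, (P + 1) // 4, P)          # a root of x or of -x
    if (r * r) % P == x:                 # x is a residue: choose the even root
        return r if r % 2 == 0 else P - r
    return r if r % 2 == 1 else P - r    # -x is a residue: choose the odd root


def unsqrt_step(y: int) -> int:
    """One fast round: invert sqrt_step with a single modular squaring."""
    return (y * y) % P if y % 2 == 0 else (-y * y) % P


def vdf_eval(x: int, t: int) -> int:
    """Slow direction: t inherently sequential rounds of flip + square root.
    x would be the hash of the commit-phase transcript at the reveal point."""
    x %= P
    for _ in range(t):
        x = sqrt_step(flip(x))
    return x


def vdf_verify(x: int, y: int, t: int) -> bool:
    """Fast direction: walk back from y with squarings and compare with x."""
    for _ in range(t):
        y = flip(unsqrt_step(y))
    return y == x % P


if __name__ == "__main__":
    seed, rounds = 123456789, 40           # constructed values
    out = vdf_eval(seed, rounds)
    print(out, vdf_verify(seed, out, rounds))
```

The gap between evaluation and verification here is a factor of roughly log2(P), about 127, since each forward round costs an exponentiation with a 127-bit exponent and each backward round a single multiplication; a deployment sets t so that the forward direction takes the intended wall-clock delay. Sloth's sequentiality rests only on modular exponentiation not being parallelizable, whereas the better-known VDFs over groups of unknown order (RSA moduli, class groups) depend on assumptions that quantum algorithms break, which is why a field-based or hash-based construction is the natural choice in the quantum adversary setting the patent targets.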

[0061] 105. Perform formal security analysis on the verifiable security protocol and generate a security proof of the verifiable security protocol under the quantum adversary model.

[0062] Specifically, an ideal functionality is first constructed to define the security goals of quantum-safe multi-party computation. This ideal functionality describes an ideal world in which a trusted third party directly receives the private inputs of all participants, computes the function, and returns the result to each participant. In this ideal world, privacy and correctness hold by construction.

[0063] Then, in the universal composability (UC) framework, it is proved that the verifiable security protocol emulates the ideal functionality under the quantum adversary model. The UC framework is a formal security proof framework in which a protocol is proved secure by showing that, for every real-world adversary, there is an ideal-world simulator such that no environment can distinguish the real protocol execution from the ideal functionality.

[0064] Finally, a privacy proof, a correctness proof, and a robustness proof are generated and assembled into a formal security proof document. The privacy proof establishes that no quantum adversary can infer the participants' private inputs from the protocol interaction; the correctness proof establishes that the result output by honest participants equals the value of the computation function; and the robustness proof establishes that the protocol remains secure as long as the number of malicious participants does not exceed a predetermined bound.

[0065] For example, in the aforementioned financial risk control scenario, the system generates a formal security proof document to prove that the protocol satisfies privacy (no quantum adversary can infer the amount of non-performing loans of any bank from the protocol interaction), correctness (the final calculation result obtained by all banks is consistent with the result of directly calculating the total amount of non-performing loans and comparing it with the threshold) and robustness (even if there is a malicious bank trying to break the protocol, honest banks can still obtain the correct result).

[0066] 106. Optimize the performance of the verifiable security protocol based on the security proof, and output an instance of the quantum-safe multi-party computation protocol and its corresponding security certificate.

[0067] Specifically, the cryptographic parameters of the verifiable security protocol, namely the lattice dimension, the noise parameter, and the proof size, are determined from the security proof. For example, the smallest lattice dimension and noise parameter that still satisfy the required quantum security level can be chosen to reduce computational and communication overhead.

[0068] Then, the performance limits for communication complexity, computational overhead, and round complexity are output. Communication complexity describes the total amount of data transferred between the participants during protocol execution; computational overhead describes the computation time of each participant during protocol execution; and round complexity describes the number of interaction rounds required for protocol execution.

[0069] Next, based on performance limits, a deployable instance of a quantum-safe multi-party computation protocol is generated. This instance includes the interaction flow, message format, and encryption parameters for each participant. The protocol instance can be directly deployed in a real-world system, allowing participants to perform secure computations.

[0070] Finally, a security certificate is output, which includes a summary of the formal security proof document and the verification method. The security certificate can be used for auditing or compliance reviews to demonstrate that the protocol possesses provable security under the quantum adversary model.

[0071] For example, in the aforementioned financial risk control scenario, the system optimizes cryptographic parameters based on security proofs, reducing the lattice dimension from 1024 to 768. While maintaining a 128-bit quantum security level, this reduces computation time by 30%. The system outputs a protocol instance containing the interaction flow, message format, and encryption parameters, which the three banks can use to perform secure computations. Simultaneously, the system outputs a security certificate for auditing by financial regulatory agencies, demonstrating that the protocol effectively protects the privacy of each bank's non-performing loan data and is resistant to future quantum computer attacks.

[0072] In summary, the quantum-secure multi-party computation protocol implementation method provided in this application includes: obtaining a computation function, the identity information of multiple participants, and preset security requirements; compiling the computation function into a circuit to generate a circuit representation of the computation function; partitioning the circuit representation according to the identity information to generate multiple computation subtasks and the dependencies between them; selecting a quantum-resistant cryptographic primitive for each computation subtask based on the security requirements and dependencies; constructing a quantum-secure multi-party computation protocol based on the selected quantum-resistant cryptographic primitives to obtain an underlying security protocol; integrating verifiable computation technology into the underlying security protocol to generate a verifiable security protocol with a verification mechanism; performing formal security analysis on the verifiable security protocol to generate a security proof of the verifiable security protocol under the quantum adversary model; optimizing the performance of the verifiable security protocol based on the security proof; and outputting a quantum-secure multi-party computation protocol instance and the corresponding security certificate. By deeply integrating quantum-resistant cryptographic primitives with verifiable computation technology and supplementing them with formal security proofs, this embodiment constructs a secure computation framework that simultaneously possesses resistance to quantum attacks and verifiable correctness, thereby providing long-term security assurance for high-security scenarios such as finance, healthcare, and government.

[0073] To facilitate better implementation of the quantum-safe multi-party computation protocol implementation method provided in this application, this application also provides a quantum-safe multi-party computation protocol implementation device. The meanings of the terms used are the same as in the above-described quantum-safe multi-party computation protocol implementation method, and specific implementation details can be found in the descriptions in the method embodiments.

[0074] Referring to Figure 3, which is a schematic diagram of the structure of a quantum-safe multi-party computation protocol implementation device provided in an embodiment of this application, the device may include an acquisition unit 201, a partitioning unit 202, a selection unit 203, an integration unit 204, an analysis unit 205, and an optimization unit 206. The acquisition unit 201 is used to acquire the computation function, the identity information of multiple participants, and the preset security requirements, and to compile the computation function into a circuit to generate the circuit representation of the computation function. The partitioning unit 202 is used to partition the circuit representation according to the identity information and generate multiple computation subtasks and the dependencies between them. The selection unit 203 is used to select a quantum-resistant cryptographic primitive for each computation subtask according to the security requirements and the dependencies, and to construct a quantum-safe multi-party computation protocol based on the selected quantum-resistant cryptographic primitives to obtain the underlying security protocol. The integration unit 204 is used to integrate verifiable computing technology into the underlying security protocol to generate a verifiable security protocol with a verification mechanism. The analysis unit 205 is used to perform formal security analysis on the verifiable security protocol and generate a security proof of the verifiable security protocol under the quantum adversary model. The optimization unit 206 is used to optimize the performance of the verifiable security protocol based on the security proof, and to output a quantum-safe multi-party computation protocol instance and the corresponding security certificate.

[0075] For specific implementation methods of each of the above units, please refer to the embodiments of the quantum-safe multi-party computation protocol implementation method described above, which will not be repeated here.

[0076] In summary, the quantum-safe multi-party computation protocol implementation device provided in this application can construct a secure computation framework that simultaneously possesses resistance to quantum attacks and verifiable correctness by deeply integrating quantum-resistant cryptographic primitives with verifiable computation technology and supplementing it with formal security proofs. This provides long-term security assurance for high-security scenarios such as finance, healthcare, and government.

[0077] This application also provides an electronic device that can integrate the quantum-safe multi-party computation protocol implementation device of this application, as shown in Figure 4, which is a structural schematic diagram of the electronic device involved in the embodiments of this application. Specifically, the electronic device may include components such as a processor 301 with one or more processing cores and a memory 302 with one or more computer-readable storage media. Those skilled in the art will understand that the electronic device structure shown in Figure 4 does not constitute a limitation on the electronic device, which may include more or fewer components than shown, combine certain components, or arrange the components differently. The processor 301 is the control center of the electronic device. It connects the various parts of the electronic device via various interfaces and lines, and by running or executing the software programs and/or modules stored in the memory 302 and calling the data stored in the memory 302, it performs the various functions of the electronic device and processes data, thereby monitoring the electronic device as a whole. Optionally, the processor 301 may include one or more processing cores; preferably, the processor 301 may integrate an application processor and a modem processor, wherein the application processor mainly handles the operating system, user interface, and application programs, while the modem processor mainly handles wireless communication. It is understood that the modem processor may also not be integrated into the processor 301.

[0078] The memory 302 can be used to store software programs and modules. The processor 301 executes various functional applications and data processing by running the software programs and modules stored in the memory 302. The memory 302 may mainly include a program storage area and a data storage area. The program storage area may store the operating system and the application programs required for at least one function; the data storage area may store data created through the use of the electronic device. In addition, the memory 302 may include high-speed random access memory and may also include non-volatile memory, such as at least one disk storage device, flash memory device, or other non-volatile solid-state storage device. Accordingly, the memory 302 may also include a memory controller to provide the processor 301 with access to the memory 302.

[0079] Although not shown, the electronic device may also include a display unit, an input unit, a power supply, and so on, which are not described in detail here. Specifically, in this embodiment, the processor 301 in the electronic device loads the executable files corresponding to the processes of one or more application programs into the memory 302 according to the following instructions, and the processor 301 runs the application programs stored in the memory 302 to realize the following functions: acquiring the computation function, the identity information of multiple participants, and the preset security requirements, and compiling the computation function into a circuit to generate the circuit representation of the computation function; partitioning the circuit representation according to the identity information to generate multiple computation subtasks and the dependencies between them; selecting quantum-resistant cryptographic primitives for each computation subtask based on the security requirements and dependencies, and constructing a quantum-safe multi-party computation protocol based on the selected quantum-resistant cryptographic primitives to obtain the underlying security protocol; integrating verifiable computing technology into the underlying security protocol to generate a verifiable security protocol with a verification mechanism; performing formal security analysis on the verifiable security protocol to generate a security proof of the verifiable security protocol under the quantum adversary model; and optimizing the performance of the verifiable security protocol based on the security proof, and outputting an instance of the quantum-safe multi-party computation protocol and its corresponding security certificate.

[0080] Those skilled in the art will understand that all or part of the steps in the various methods of the above embodiments can be performed by instructions, or by instructions controlling related hardware. These instructions can be stored in a computer-readable storage medium and loaded and executed by a processor.

[0081] Therefore, embodiments of this application provide a storage medium storing a plurality of instructions that can be loaded by a processor to execute the steps of any of the methods provided in the embodiments of this application. For example, the instructions can execute the following steps: acquiring the computation function, the identity information of multiple participants, and the preset security requirements, and compiling the computation function into a circuit to generate the circuit representation of the computation function; partitioning the circuit representation according to the identity information to generate multiple computation subtasks and the dependencies between them; selecting quantum-resistant cryptographic primitives for each computation subtask based on the security requirements and dependencies, and constructing a quantum-safe multi-party computation protocol based on the selected quantum-resistant cryptographic primitives to obtain the underlying security protocol; integrating verifiable computing technology into the underlying security protocol to generate a verifiable security protocol with a verification mechanism; performing formal security analysis on the verifiable security protocol to generate a security proof of the verifiable security protocol under the quantum adversary model; and optimizing the performance of the verifiable security protocol based on the security proof, and outputting an instance of the quantum-safe multi-party computation protocol and its corresponding security certificate.

[0082] For details on the implementation of each of the above operations, please refer to the previous examples, which will not be repeated here.

[0083] The storage medium may include: read-only memory (ROM), random access memory (RAM), disk or optical disk, etc.

[0084] Since the instructions stored in the storage medium can execute the steps of any method provided in the embodiments of this application, the beneficial effects that any method provided in the embodiments of this application can achieve can be realized. For details, please refer to the previous embodiments, which will not be repeated here.

[0085] The foregoing has provided a detailed description of the quantum-safe multi-party computation protocol implementation method, apparatus, storage medium, and electronic device provided in this application. Specific examples have been used to illustrate the principles and implementation methods of this application. The descriptions of the above embodiments are only for the purpose of helping to understand the core ideas of this application. At the same time, for those skilled in the art, there will be changes in the specific implementation methods and application scope based on the ideas of this application. Therefore, the content of this specification should not be construed as a limitation of this application.

Claims

1. A method for implementing a quantum-safe multi-party computation protocol, characterized in that it includes: obtaining a computation function, the identity information of multiple participants, and preset security requirements, and compiling the computation function into a circuit to generate a circuit representation of the computation function; partitioning the circuit representation according to the identity information to generate multiple computation subtasks and the dependencies between the multiple computation subtasks; selecting a quantum-resistant cryptographic primitive for each computation subtask based on the security requirements and the dependencies, and constructing a quantum-safe multi-party computation protocol based on the selected quantum-resistant cryptographic primitive to obtain an underlying security protocol; integrating verifiable computing technology into the underlying security protocol to generate a verifiable security protocol with a verification mechanism; performing formal security analysis on the verifiable security protocol to generate a security proof of the verifiable security protocol under the quantum adversary model; and optimizing the performance of the verifiable security protocol based on the security proof, and outputting an instance of the quantum-safe multi-party computation protocol and its corresponding security certificate.

2. The method for implementing a quantum-safe multi-party computation protocol as described in claim 1, characterized in that the step of partitioning the circuit representation according to the identity information to generate multiple computation subtasks and the dependencies between the multiple computation subtasks includes: dividing the circuit representation into a local computing part and a secure computing part based on the ownership of the input data on which each gate in the circuit representation depends; assigning the computation task of each gate in the local computing part to the corresponding participant as an independent computation subtask; and breaking the secure computing part down into multiple computation subtasks that require multi-party interaction, and establishing a dependency graph between these multi-party interactive computation subtasks based on the data flow.

3. The method for implementing a quantum-safe multi-party computation protocol as described in claim 2, characterized in that the step of selecting quantum-resistant cryptographic primitives for each computation subtask based on the security requirements and the dependencies includes: determining the quantum security level according to the security requirements, and selecting candidate quantum-resistant cryptographic primitives that meet the quantum security level from a preset quantum-resistant cryptographic primitive library; for an independent computation subtask, selecting a local encryption primitive from the candidate quantum-resistant cryptographic primitives, the local encryption primitive being used to locally encrypt and protect the private inputs of the participants; and for computation subtasks involving multiple parties, selecting corresponding interactive cryptographic primitives based on the interaction mode and scope of participants in the dependency graph, the interactive cryptographic primitives including quantum-resistant secret sharing primitives and quantum-resistant oblivious transfer primitives.

4. The method for implementing a quantum-safe multi-party computation protocol as described in claim 3, characterized in that constructing the quantum-safe multi-party computation protocol based on the selected quantum-resistant cryptographic primitives to obtain the underlying security protocol includes: constructing a quantum-resistant secret sharing scheme from the selected quantum-resistant cryptographic primitives, which is used to split the private input of each participant into multiple fragments and distribute them to the other participants according to the dependency graph; constructing a quantum-resistant oblivious transfer protocol from the selected quantum-resistant cryptographic primitives to provide selective data transmission between participants during the execution of the computation subtasks requiring multi-party interaction; and combining the quantum-resistant secret sharing scheme and the quantum-resistant oblivious transfer protocol according to the dependency graph to generate the underlying security protocol.

5. The method for implementing a quantum-safe multi-party computation protocol as described in claim 1, characterized in that the quantum-resistant cryptographic primitives include lattice-based cryptographic primitives, code-based cryptographic primitives, multivariate cryptographic primitives, or hash-based signature primitives.

6. The method for implementing a quantum-safe multi-party computation protocol as described in claim 1, characterized in that integrating verifiable computing technology into the underlying security protocol to generate a verifiable security protocol with a verification mechanism includes: embedding a zero-knowledge proof generation module in each interaction step of the underlying security protocol to enable the sender to generate a zero-knowledge proof that its behavior is correct; integrating a succinct non-interactive argument of knowledge module into the underlying security protocol to generate publicly verifiable proofs of the correctness of the entire computation process; embedding verifiable delay functions at key time points in the underlying security protocol to prevent front-running; and combining the zero-knowledge proof module, the succinct non-interactive argument module, and the verifiable delay function module with the underlying security protocol to generate the verifiable security protocol with a verification mechanism.

7. The method for implementing a quantum-safe multi-party computation protocol as described in any one of claims 1-6, characterized in that the computation function includes at least one of a statistical function, a machine learning model training function, and a joint data analysis function; and the multiple participants include multiple institutions in a financial system, multiple data providers in a medical system, or multiple departments in a cross-departmental government collaboration system.

8. A device for implementing a quantum-safe multi-party computation protocol, characterized in that it includes: an acquisition unit, used to acquire the computation function, the identity information of multiple participants, and the preset security requirements, and to compile the computation function into a circuit to generate the circuit representation of the computation function; a partitioning unit, used to partition the circuit representation according to the identity information and generate multiple computation subtasks and the dependencies between the multiple computation subtasks; a selection unit, used to select a quantum-resistant cryptographic primitive for each computation subtask according to the security requirements and the dependencies, and to construct a quantum-safe multi-party computation protocol based on the selected quantum-resistant cryptographic primitive to obtain the underlying security protocol; an integration unit, used to integrate verifiable computing technology into the underlying security protocol to generate a verifiable security protocol with a verification mechanism; an analysis unit, used to perform formal security analysis on the verifiable security protocol and generate a security proof of the verifiable security protocol under the quantum adversary model; and an optimization unit, used to optimize the performance of the verifiable security protocol based on the security proof, and to output a quantum-safe multi-party computation protocol instance and the corresponding security certificate.

9. A storage medium, characterized in that the storage medium stores multiple instructions adapted to be loaded by a processor to execute the quantum-safe multi-party computation protocol implementation method according to any one of claims 1-7.

10. An electronic device, characterized in that it includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein when the processor executes the computer program it implements the quantum-safe multi-party computation protocol implementation method as described in any one of claims 1-7.